VDB

ALPINE-CVE-2014-0139

ALPINE-CVE-2014-0139 PUBLISHED

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Affected Products

VendorProductVersions
Alpine:v3.20curl7.20.1-r0, 0, 7.35.0-r0
Alpine:v3.7curl7.19.2-r1, 7.19.5-r0, 7.19.6-r0
Alpine:v3.10curl7.19.2-r0, 0, 7.35.0-r0
Alpine:v3.16curl0, 7.35.0-r0, 7.34.0-r1
Alpine:v3.23curl7.19.2-r1, 0, 7.35.0-r0
Alpine:v3.9curl0, 7.19.2-r1, 7.19.4-r0
Alpine:v3.12curl0, 0, 7.35.0-r0
Alpine:v3.6curl7.19.4-r0, 7.19.2-r0, 7.19.5-r0
Alpine:v3.11curl7.35.0-r0, 7.34.0-r1, 7.34.0-r0
Alpine:v3.5curl0, 7.19.2-r0, 0
Alpine:v3.18curl7.19.2-r0, 0, 7.35.0-r0
Alpine:v3.4curl7.20.1-r0, 7.19.7-r0, 7.19.4-r0
Alpine:v3.17curl7.35.0-r0, 7.34.0-r1, 7.34.0-r0
Alpine:v3.21curl7.32.0-r0, 7.21.5-r0, 0
Alpine:v3.24curl0
Alpine:v3.19curl7.19.2-r0, 7.19.2-r1, 0
Alpine:v3.8curl7.21.7-r0, 7.21.6-r0, 7.21.7-r1
Alpine:v3.22curl0, 0, 7.19.2-r1
Alpine:v3.15curl7.19.2-r1, 7.19.4-r0, 7.19.5-r0
Alpine:v3.14curl7.19.2-r0, 0, 7.35.0-r0

…and 1 more

Timeline

  • Apr 15, 2014 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›