VDB
ALPINE-CVE-2016-5419
ALPINE-CVE-2016-5419
PUBLISHED
CVSS 7.5 HIGH
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Risk Scores
CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.3 | curl | 7.40.0-r0, 7.46.0-r1, 7.47.0-r0 |
| Alpine:v3.4 | curl | 7.19.7-r1, 7.20.1-r0, 7.20.1-r1 |
| Alpine:v3.6 | curl | 0, 7.19.2-r0, 7.19.4-r0 |
| Alpine:v3.5 | curl | 7.22.0-r0, 7.21.7-r0, 7.42.0-r0 |
| Alpine:v3.13 | curl | 0, 7.19.2-r1, 7.19.4-r0 |
| Alpine:v3.15 | curl | 7.19.2-r1, 7.19.2-r0, 7.19.2-r1 |
| Alpine:v3.11 | curl | 0, 7.50.0-r0, 7.49.1-r0 |
| Alpine:v3.22 | curl | 7.23.1-r0, 0, 7.19.2-r0 |
| Alpine:v3.7 | curl | 7.41.0-r0, 0, 7.30.0-r0 |
| Alpine:v3.9 | curl | 7.27.0-r1, 7.21.7-r0, 7.21.7-r2 |
| Alpine:v3.12 | curl | 7.43.0-r0, 0, 7.19.2-r0 |
| Alpine:v3.18 | curl | 0, 0, 7.19.2-r0 |
| Alpine:v3.10 | curl | 7.29.0-r0, 0, 7.50.0-r0 |
| Alpine:v3.2 | curl | 0, 7.21.1-r0, 0 |
| Alpine:v3.19 | curl | 7.21.4-r1, 0, 7.50.0-r0 |
| Alpine:v3.21 | curl | 7.46.0-r1, 0, 7.19.2-r0 |
| Alpine:v3.20 | curl | 7.21.3-r1, 7.19.2-r0, 0 |
| Alpine:v3.24 | curl | 0 |
| Alpine:v3.23 | curl | 0, 7.45.0-r1, 7.45.0-r0 |
| Alpine:v3.16 | curl | 7.20.1-r1, 7.43.0-r0, 0 |
…and 3 more
Exploit Intelligence
- glcve_test.go (github-poc)
Timeline
- Aug 10, 2016 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated