VDB
ALPINE-CVE-2016-5420
ALPINE-CVE-2016-5420
PUBLISHED
CVSS 7.5 HIGH
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
Risk Scores
CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.20 | curl | 0, 7.42.0-r0, 7.39.0-r0 |
| Alpine:v3.3 | curl | 7.19.4-r0, 7.47.0-r0, 7.46.0-r1 |
| Alpine:v3.11 | curl | 7.26.0-r0, 0, 7.19.2-r0 |
| Alpine:v3.9 | curl | 7.46.0-r1, 7.21.4-r1, 7.21.4-r0 |
| Alpine:v3.4 | curl | 7.21.5-r0, 7.21.4-r0, 7.21.3-r1 |
| Alpine:v3.12 | curl | 7.29.0-r0, 7.28.1-r0, 7.27.0-r1 |
| Alpine:v3.5 | curl | 7.44.0-r0, 0, 0 |
| Alpine:v3.16 | curl | 7.34.0-r1, 0, 7.19.2-r0 |
| Alpine:v3.24 | curl | 0, 0 |
| Alpine:v3.23 | curl | 7.20.1-r0, 7.34.0-r0, 7.50.0-r0 |
| Alpine:v3.22 | curl | 7.21.6-r0, 0, 7.19.2-r0 |
| Alpine:v3.7 | curl | 0, 0, 7.50.0-r0 |
| Alpine:v3.10 | curl | 7.39.0-r0, 0, 0 |
| Alpine:v3.19 | curl | 0, 0, 7.50.0-r0 |
| Alpine:v3.13 | curl | 7.49.0-r0, 0, 7.19.2-r0 |
| Alpine:v3.2 | curl | 7.25.0-r0, 7.21.7-r1, 7.19.7-r0 |
| Alpine:v3.15 | curl | 7.21.7-r1, 7.21.7-r2, 7.24.0-r0 |
| Alpine:v3.8 | curl | 7.40.0-r0, 0, 0 |
| Alpine:v3.6 | curl | 7.19.5-r0, 7.19.6-r0, 7.19.7-r0 |
| Alpine:v3.14 | curl | 0, 7.19.2-r0, 7.19.2-r1 |
…and 3 more
Timeline
- Aug 10, 2016 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated