VDB

ALPINE-CVE-2016-5420

ALPINE-CVE-2016-5420 PUBLISHED CVSS 7.5 HIGH

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.20curl0, 7.42.0-r0, 7.39.0-r0
Alpine:v3.3curl7.19.4-r0, 7.47.0-r0, 7.46.0-r1
Alpine:v3.11curl7.26.0-r0, 0, 7.19.2-r0
Alpine:v3.9curl7.46.0-r1, 7.21.4-r1, 7.21.4-r0
Alpine:v3.4curl7.21.5-r0, 7.21.4-r0, 7.21.3-r1
Alpine:v3.12curl7.29.0-r0, 7.28.1-r0, 7.27.0-r1
Alpine:v3.5curl7.44.0-r0, 0, 0
Alpine:v3.16curl7.34.0-r1, 0, 7.19.2-r0
Alpine:v3.24curl0, 0
Alpine:v3.23curl7.20.1-r0, 7.34.0-r0, 7.50.0-r0
Alpine:v3.22curl7.21.6-r0, 0, 7.19.2-r0
Alpine:v3.7curl0, 0, 7.50.0-r0
Alpine:v3.10curl7.39.0-r0, 0, 0
Alpine:v3.19curl0, 0, 7.50.0-r0
Alpine:v3.13curl7.49.0-r0, 0, 7.19.2-r0
Alpine:v3.2curl7.25.0-r0, 7.21.7-r1, 7.19.7-r0
Alpine:v3.15curl7.21.7-r1, 7.21.7-r2, 7.24.0-r0
Alpine:v3.8curl7.40.0-r0, 0, 0
Alpine:v3.6curl7.19.5-r0, 7.19.6-r0, 7.19.7-r0
Alpine:v3.14curl0, 7.19.2-r0, 7.19.2-r1

…and 3 more

Timeline

  • Aug 10, 2016 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›