VDB

ALPINE-CVE-2016-7141

ALPINE-CVE-2016-7141 PUBLISHED CVSS 7.5 HIGH

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.2curl7.49.1-r0, 7.27.0-r1, 7.21.7-r1
Alpine:v3.20curl7.21.3-r1, 0, 7.19.2-r0
Alpine:v3.7curl7.33.0-r0, 7.21.0-r0, 0
Alpine:v3.6curl7.46.0-r2, 7.49.0-r0, 7.45.0-r1
Alpine:v3.9curl7.28.0-r0, 7.21.7-r1, 7.20.1-r1
Alpine:v3.23curl7.45.0-r1, 0, 7.19.2-r0
Alpine:v3.10curl7.26.0-r0, 7.28.1-r0, 7.19.4-r0
Alpine:v3.22curl7.43.0-r0, 7.45.0-r0, 7.46.0-r0
Alpine:v3.16curl7.21.1-r0, 0, 7.19.2-r0
Alpine:v3.13curl0, 7.37.0-r0, 7.37.1-r0
Alpine:v3.21curl7.43.0-r0, 7.34.0-r1, 7.20.1-r0
Alpine:v3.19curl7.30.0-r0, 7.41.0-r0, 7.49.1-r0
Alpine:v3.24curl0, 0
Alpine:v3.11curl7.19.2-r0, 7.50.1-r0, 7.50.0-r0
Alpine:v3.17curl7.41.0-r0, 0, 7.19.2-r0
Alpine:v3.5curl7.37.0-r0, 0, 0
Alpine:v3.3curl0, 0, 0
Alpine:v3.4curl7.27.0-r1, 7.21.7-r2, 7.20.1-r0
Alpine:v3.18curl7.46.0-r0, 7.37.1-r0, 0
Alpine:v3.8curl7.42.1-r0, 7.21.6-r0, 7.37.1-r0

…and 3 more

Timeline

  • Oct 3, 2016 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›