DEBIAN-CVE-2016-5419

DEBIAN-CVE-2016-5419 PUBLISHED CVSS 7.5 HIGH

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	curl	0, 0, 0
Debian:12	curl	0, 0, 0
Debian:11	curl	0, 0, 0
Debian:14	curl	0, 0, 0

Timeline

Aug 10, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-5419 advisory

Open in Interactive Console →