cURL and libcurl verify_certificate Function Out-of-Bounds Read Vulnerability

A vulnerability in cURL and libcurl could allow an unauthenticated, remote attacker to completely compromise a targeted system. The vulnerability is due to improper certificate validation by the verify_certificate function, as defined in the lib/vtls/schannel.c source code file of the affected software.
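Because the flaw sits in lib/vtls/schannel.c, a build is only exposed if it uses the Windows Schannel TLS backend. The following added example (not from the advisory or the cURL project) classifies the first line of `curl --version` output for triage; the function name and sample banners are constructed, and it does not compare version numbers because this page lists no affected releases.

```python
# Added triage example: does a curl/libcurl build use the Schannel TLS backend?
# Assumption: input is the text printed by `curl --version`.

# Names the banner uses for the Schannel backend (older builds print "WinSSL").
SCHANNEL_NAMES = {"schannel", "winssl"}


def schannel_status(version_output: str) -> str:
    """Return 'active', 'inactive' or 'absent' for the Schannel backend."""
    lines = version_output.strip().splitlines()
    tokens = lines[0].split() if lines else []
    # Linked components are listed after the "libcurl/<version>" token.
    start = next(
        (i for i, t in enumerate(tokens) if t.lower().startswith("libcurl/")),
        None,
    )
    if start is None:
        raise ValueError("input does not look like `curl --version` output")
    status = "absent"
    for tok in tokens[start + 1:]:
        # Multi-backend builds print the backends not in use in parentheses.
        inactive = tok.startswith("(") and tok.endswith(")")
        name = tok.strip("()").split("/", 1)[0].lower()
        if name in SCHANNEL_NAMES:
            if not inactive:
                return "active"
            status = "inactive"
    return status


# Constructed sample banners; the 0.0.0 versions are placeholders and say
# nothing about which releases are affected.
SAMPLES = {
    "old-windows": "curl 0.0.0 (Windows) libcurl/0.0.0 WinSSL",
    "new-windows": "curl 0.0.0 (Windows) libcurl/0.0.0 Schannel zlib/0.0.0",
    "multi-ssl": "curl 0.0.0 (x86_64-pc-win32) libcurl/0.0.0 OpenSSL/0.0.0 (Schannel)",
    "linux": "curl 0.0.0 (x86_64-pc-linux-gnu) libcurl/0.0.0 OpenSSL/0.0.0 zlib/0.0.0",
}

if __name__ == "__main__":
    for label, banner in SAMPLES.items():
        print(f"{label:12} -> {schannel_status(banner)}")
```

A result of "active" or "inactive" means the Schannel code is compiled into that build; the fixed release still has to be confirmed against the vendor advisory.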