You are here

curl: certificate name verification vulnerabilities

IDs: 
CVE-2013-4545, CVE-2013-6422
Keywords: 
curl, TLS, SSL, certificate
Description: 

The following two curl vulnerabilities related to SSL peer certificate verification has been published. Both vulnerabilities do not affect Airlock.

CVE-2013-4545

Certificate Common Name and SAN checks may unintentionally be deactivated if a related certificate check is disabled. Airlock is not affected because the vulnerable combination of curl options is not used.

CVE-2013-6422

Using GnuTLS as TLS/SSL library in curl may unintentionally disable server name verification. Airlock is not affected because OpenSSL is used as TLS/SSL library in curl.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required