{"id":"CURL-CVE-2007-3564","summary":"GnuTLS insufficient cert verification","details":"libcurl (when built to use GnuTLS) fails to verify that a peer's certificate\nhas not already expired or has not yet become valid. This allows malicious\nservers to present certificates to libcurl that were not rejected properly.\n\nNotably, the CA certificate and common name checks are still in place which\nreduces the risk for random servers to take advantage of this flaw.","aliases":["CVE-2007-3564"],"modified":"2026-04-25T16:17:54.771877Z","published":"2007-07-10T08:00:00Z","database_specific":{"last_affected":"7.16.3","URL":"https://curl.se/docs/CVE-2007-3564.json","CWE":{"desc":"Improper Validation of Certificate Expiration","id":"CWE-298"},"affects":"both","severity":"Low","package":"curl","www":"https://curl.se/docs/CVE-2007-3564.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.14.0"},{"fixed":"7.16.4"}]}],"versions":["7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2007-3564.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kees Cook","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}