{"id":"CURL-CVE-2017-7468","summary":"TLS session resumption client cert bypass (again)","details":"libcurl would attempt to resume a TLS session even if the client certificate\nhad changed. That is unacceptable since a server by specification is allowed\nto skip the client certificate check on resume, and may instead use the old\nidentity which was established by the previous certificate (or no\ncertificate).\n\nlibcurl supports by default the use of TLS session id/ticket to resume\nprevious TLS sessions to speed up subsequent TLS handshakes. They are used\nwhen for any reason an existing TLS connection could not be kept alive to make\nthe next handshake faster.\n\nThis flaw is a regression and identical to\n[CVE-2016-5419](https://curl.se/docs/CVE-2016-5419.html) reported on\nAugust 3rd 2016, but affecting a different version range.","aliases":["CVE-2017-7468"],"modified":"2024-07-02T09:22:24Z","published":"2017-04-19T08:00:00Z","database_specific":{"www":"https://curl.se/docs/CVE-2017-7468.html","severity":"High","package":"curl","affects":"both","CWE":{"id":"CWE-305","desc":"Authentication Bypass by Primary Weakness"},"last_affected":"7.53.1","URL":"https://curl.se/docs/CVE-2017-7468.json"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.52.0"},{"fixed":"7.54.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"95c717bbd9c327c38b4efcc37d5cda29b8ee2a36"},{"fixed":"33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26"}]}],"versions":["7.53.1","7.53.0","7.52.1","7.52.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2017-7468.json","vanir_signatures":[{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-08eb3bb4","target":{"function":"mbed_connect_step3","file":"lib/vtls/mbedtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":903,"function_hash":"81832264132217420897596638504358830920"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-0a40569e","target":{"function":"mbed_connect_step1","file":"lib/vtls/mbedtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":6840,"function_hash":"166282236628170077188234170377384957738"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-0a59319c","target":{"file":"lib/vtls/polarssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["172535929888223011783778183892271970533","334897269977797547527437412523240801010","316290574376333545080720108887940992854","320141749657151122226833407483099338566","316837432126527030999593181764192832858","165121328276448230237395237624634969067","176764389375001740922879651704515670298","182367826940189150411598452128702814993"]},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-0ae5051c","target":{"function":"connect_prep","file":"lib/vtls/axtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":2835,"function_hash":"279503743348125613033243234075725749326"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-0e32bb58","target":{"function":"polarssl_connect_step1","file":"lib/vtls/polarssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":5576,"function_hash":"136159184821338672959887040673907266593"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-13d32a58","target":{"function":"Curl_ssl_addsessionid","file":"lib/vtls/vtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":1822,"function_hash":"19147306859960512338549356584179504682"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-2485e724","target":{"function":"cyassl_connect_step3","file":"lib/vtls/cyassl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":795,"function_hash":"340219282155802980007599642090641472587"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-385dbf06","target":{"function":"schannel_connect_step3","file":"lib/vtls/schannel.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":3670,"function_hash":"134275649985578035858819786439228985804"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-3b067fe6","target":{"function":"Curl_setopt","file":"lib/url.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":41149,"function_hash":"186063592302048064341052431850287959819"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-42849d81","target":{"file":"lib/urldata.h"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["198683916145087094504816435109645840028","220993303376407926104727675957746652808","217590300289916129302901245853548350950","263933567589203802068510968211470018283","37237727345207122061121308812990696893","183620494746353697031880640597676054442","310519466166569378997485342138094102457","318457620815968669041058515157763605892"]},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-4c52a3c9","target":{"file":"lib/vtls/nss.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["226062542996496566610619624517220087723","168422041360499877163194472367765437365","16597518888896020125047678013284840202","10196245510871729399561067670661265950"]},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-4cf7f74b","target":{"file":"lib/vtls/openssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["3484413151559110847629953968689299614","127435901089798347445367850882344270330","307182354759299789758272271073297658794","225999323467492088213181556157791288884","295544463428996478277168135050247241882","294080755172784084334914202198171582322","338983798372813334220075477224829486290","309011341883195210562696330121187255319"]},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-55585bf2","target":{"file":"lib/vtls/gtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["304944049800724466033832218361855929585","223559907521306230261566398107942616160","176603468535859319188236249466095932518","246607907468849784672975528232247180331","261384324587976263685369159698697776837","41924717219160173322944626444769413175","67417828930773406314665790863667401239","157136939233374176486697533688991007220"]},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-55ce3445","target":{"file":"lib/vtls/axtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["234221247272631194186955184548042020411","127402192331361534514997249802002814893","243532361662396918869004810956295746340","317969139351793729205892397855322505080","15550668665059926245730204014282661393","281908038642262337341062881592136003452","337560906621521095310612056951076534867","269460142314651276683266323977837711389"]},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-697c03ae","target":{"function":"ossl_connect_step3","file":"lib/vtls/openssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":926,"function_hash":"248655825252225640739976446866483596787"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-7055fa11","target":{"function":"gtls_connect_step1","file":"lib/vtls/gtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":9992,"function_hash":"86989449867147140585499829556710791671"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-75d84f41","target":{"file":"lib/vtls/vtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["116697888569036184393815776384672557336","152745555996263714410966109696682743774","52374577630118744198385446922458739829","74416640931190703843200813839455857573","22837926033272325833661684278689218053","159379940730082903627531732468488244752","184471173096679396495570725207117878796","144213151731839508086548969234714954344","91692495661077648122901031513128211902","103460718216629164962317583030439884837","288237901086593522083499978768193844005","42839922563790317796979170517671290641","97265958273733508290996031703001850020"]},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-76f5fca2","target":{"function":"schannel_connect_step1","file":"lib/vtls/schannel.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":7645,"function_hash":"178211371624334607632434206821056443660"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-78344e46","target":{"function":"cyassl_connect_step1","file":"lib/vtls/cyassl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":6963,"function_hash":"32143773790933574543265236741649262861"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-915406d7","target":{"file":"lib/url.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["157543540451396611667386484148989267045","74069882306061399140586746538891343679","221111720465796965529162911022695451991","244219256792401510972435386011342973565","8114976935570795574375565491415553719","22759593980880853698552759145789732872","294018636741161595969697627679128386425","296617457533623502711519347929439409488","327940544495434881025960403982869964771"]},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-94680a63","target":{"file":"lib/vtls/mbedtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["200422383670803689681970180291971367779","271199807970815277242742973058271334019","12944496740288362429357058443990385728","320141749657151122226833407483099338566","316837432126527030999593181764192832858","165121328276448230237395237624634969067","55986910445014773660577116001894045293","151716116622873127140592820949455775117"]},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-94e70069","target":{"file":"lib/vtls/schannel.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["275036076535661898397738104768047292729","206727872251150574226934347663669365558","151827120008333494564769900398342614118","237889124970540501720510391966920673335","3871476853743574543555372681885264559","107426120965436630550851094683951508302","225081885069481720806966173037985741363","253389568543456661722902047746749413565"]},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-b413848c","target":{"function":"nss_setup_connect","file":"lib/vtls/nss.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":6202,"function_hash":"240053820011501383886772950596370312121"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-bc8de2e7","target":{"function":"Curl_init_userdefined","file":"lib/url.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":2529,"function_hash":"116025645030831907644807641442241440173"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-be566a5c","target":{"function":"darwinssl_connect_step1","file":"lib/vtls/darwinssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":13609,"function_hash":"308673861977387338860697765143545846807"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-d680dfd4","target":{"file":"lib/vtls/darwinssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["27866526955463607016655463918154242247","77260563409298035026435384800325762503","51070627625800272582700783561694094325","190409903133862919814399538683792274085"]},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-d6c677a6","target":{"function":"gtls_connect_step3","file":"lib/vtls/gtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":9996,"function_hash":"171556669681260753575251690245199297323"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-de88261c","target":{"function":"connect_finish","file":"lib/vtls/axtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":2380,"function_hash":"145069133213934954676527723583167051882"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-e2f95290","target":{"function":"Curl_clone_primary_ssl_config","file":"lib/vtls/vtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":387,"function_hash":"182491058169809524916547310765914292283"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-f1d7ea38","target":{"function":"polarssl_connect_step3","file":"lib/vtls/polarssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":899,"function_hash":"134415813669844138675624282421034573546"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-f297d067","target":{"function":"ossl_connect_step1","file":"lib/vtls/openssl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":9981,"function_hash":"254839809511526755719182132953578108771"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"id":"CURL-CVE-2017-7468-f32a493e","target":{"function":"Curl_ssl_getsessionid","file":"lib/vtls/vtls.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"length":1560,"function_hash":"61111165671515616765983114518515148520"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CURL-CVE-2017-7468-fe546efd","target":{"file":"lib/vtls/cyassl.c"},"source":"https://github.com/curl/curl.git/commit/33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26","digest":{"threshold":0.9,"line_hashes":["167985076493585910827800208943953346485","267057043838863628034067934030572221700","176086022031721186333992618672776504399","225999323467492088213181556157791288884","295544463428996478277168135050247241882","294080755172784084334914202198171582322","338983798372813334220075477224829486290","309011341883195210562696330121187255319"]},"signature_version":"v1"}]}}],"schema_version":"1.7.3","credits":[{"name":"lijian996 on github","type":"FINDER"},{"name":"Ray Satiro","type":"REMEDIATION_DEVELOPER"}]}