CVE-2013-6422
- Source
- https://cve.org/CVERecord?id=CVE-2013-6422
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-6422.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2013-6422
- Aliases
- Downstream
- Withdrawn
- 2026-01-27T04:11:50.305645Z
- Published
- 2013-12-23T22:55:02Z
- Modified
- 2026-01-27T04:11:50.305645Z
- Summary
- [none]
- Details
-
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPTSSLVERIFYPEER), also disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
- References