MGASA-2013-0338

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2013-4545

Published: 20 Nov 2013, 20:56

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Nov 2013, 20:56

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated curl packages fix CVE-2013-4545 Updated curl packages fix security vulnerability: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain (CVE-2013-4545).

Affected Systems

mageia•curl
< 7.24.0-1.3.mga2
mageia•curl
< 7.28.1-6.2.mga3

References (4)

https://advisories.mageia.org/MGASA-2013-0338.html
http://curl.haxx.se/docs/adv_20131115.html
http://www.debian.org/security/2013/dsa-2798
https://bugs.mageia.org/show_bug.cgi?id=11703