CVE-2013-6422: cert name check ignore with GnuTLS

Vulnerability

libcurl is vulnerable to a case of missing out the checking of the certificate or name field when the digital signature verification is turned off.

This flaw affected the behavior of curl when an application disabled , which caused curl to also skip the check.

Info

CVE: CVE-2013-6422
CWE: CWE-297: Improper Validation of Certificate with Host Mismatch
Severity: Medium

Affected Versions

Affected Versions: libcurl 7.21.4 to 7.33.0
Not Affected Versions: libcurl = 7.34.0

Solution

libcurl 7.34.0 ensures that both options independently cause the operation to fail unless the criteria are fulfilled.

Fixed-in: commit link

Recommendations

- Upgrade to curl and libcurl 7.34.0
- Apply the patch and rebuild libcurl
- Make sure is not disabled
- Build libcurl with a TLS backend other than GnuTLS

Timeline

- Reported on November 29th, 2013
- Contacted distros@openwall on December 3rd
- libcurl 7.34.0 released on December 17th, 2013

Credits

Reported by: Marc Deslauriers
Patched by: Daniel Stenberg
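
A triage check for the affected range above, added here as an example and not taken from the curl project: it classifies a version banner in the format returned by curl_version() as affected only when libcurl is 7.21.4 to 7.33.0 and built with GnuTLS. The function name, result codes and sample banners are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for this example (hypothetical names). */
enum { UNPARSEABLE = -1, NOT_AFFECTED = 0, AFFECTED = 1 };

/* Pack major.minor.patch into one comparable number (0xXXYYZZ). */
static unsigned long pack(unsigned maj, unsigned min, unsigned pat)
{
    return ((unsigned long)maj << 16) | ((unsigned long)min << 8) | pat;
}

/*
 * Classify a banner such as "libcurl/7.30.0 GnuTLS/2.12.23 zlib/1.2.8".
 * Affected per the advisory: libcurl 7.21.4 to 7.33.0 with the GnuTLS backend.
 */
int cve_2013_6422_status(const char *banner)
{
    unsigned maj, min, pat;
    unsigned long v;
    const char *p;

    if (banner == NULL || (p = strstr(banner, "libcurl/")) == NULL)
        return UNPARSEABLE;
    if (sscanf(p, "libcurl/%u.%u.%u", &maj, &min, &pat) != 3)
        return UNPARSEABLE;
    if (maj > 255 || min > 255 || pat > 255)
        return UNPARSEABLE;               /* would not fit the packing */

    v = pack(maj, min, pat);
    if (v < pack(7, 21, 4) || v > pack(7, 33, 0))
        return NOT_AFFECTED;              /* outside the affected range */

    /* Inside the range, only builds using GnuTLS are affected. */
    return strstr(p, "GnuTLS/") != NULL ? AFFECTED : NOT_AFFECTED;
}

int main(void)
{
    /* Constructed sample banners, not captured from real systems. */
    const char *samples[] = {
        "libcurl/7.30.0 GnuTLS/2.12.23 zlib/1.2.8",
        "libcurl/7.30.0 OpenSSL/1.0.1e zlib/1.2.8",
        "libcurl/7.34.0 GnuTLS/2.12.23 zlib/1.2.8",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%2d  %s\n", cve_2013_6422_status(samples[i]), samples[i]);
    return 0;
}
```

A NOT_AFFECTED result reflects only the version and backend in the banner; distribution packages that backported the patch keep an in-range version number and will still be reported as AFFECTED.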