Tim Ruehsen 8a75dbeb23 cookies: only use full host matches for hosts used as IP address ...

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html

2014-09-10 07:32:36 +02:00

1.4 KiB

Raw Blame History

View Raw