{
  "schema_version": "1.5.0",
  "id": "CURL-CVE-2016-7141",
  "aliases": [
    "CVE-2016-7141"
  ],
  "summary": "Incorrect reuse of client certificates",
  "modified": "2025-09-27T10:58:29.00Z",
  "database_specific": {
    "package": "curl",
    "affects": "both",
    "URL": "https://curl.se/docs/CVE-2016-7141.json",
    "www": "https://curl.se/docs/CVE-2016-7141.html",
    "CWE": {
      "id": "CWE-305",
      "desc": "Authentication Bypass by Primary Weakness"
    },
    "last_affected": "7.50.1",
    "severity": "High"
  },
  "published": "2016-09-07T08:00:00.00Z",
  "affected": [
    {
      "ranges": [
        {
           "type": "SEMVER",
           "events": [
             {"introduced": "7.19.6"},
             {"fixed": "7.50.2"}
           ]
        }      ],
      "versions": [
        "7.50.1", "7.50.0", "7.49.1", "7.49.0", "7.48.0", "7.47.1", "7.47.0", 
        "7.46.0", "7.45.0", "7.44.0", "7.43.0", "7.42.1", "7.42.0", "7.41.0", 
        "7.40.0", "7.39.0", "7.38.0", "7.37.1", "7.37.0", "7.36.0", "7.35.0", 
        "7.34.0", "7.33.0", "7.32.0", "7.31.0", "7.30.0", "7.29.0", "7.28.1", 
        "7.28.0", "7.27.0", "7.26.0", "7.25.0", "7.24.0", "7.23.1", "7.23.0", 
        "7.22.0", "7.21.7", "7.21.6", "7.21.5", "7.21.4", "7.21.3", "7.21.2", 
        "7.21.1", "7.21.0", "7.20.1", "7.20.0", "7.19.7", "7.19.6"
      ]
    }
  ],
  "credits": [
    {
      "name": "Red Hat",
      "type": "FINDER"
    },
    {
      "name": "Kamil Dudka",
      "type": "REMEDIATION_DEVELOPER"
    }
  ],
  "details": "libcurl built on top of NSS (Network Security Services) incorrectly reused\nclient certificates if a certificate from file was used for one TLS connection\nbut no certificate set for a subsequent TLS connection.\n\nWhile the symptoms are similar to CVE-2016-5420 (Reusing connection with wrong\nclient cert), this vulnerability was caused by an implementation detail of the\nNSS backend in libcurl, which is orthogonal to the cause of CVE-2016-5420."
}