curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libcurl | Haxx | * | 7.50.0 (including) |