libcurl provides the CURLOPT_CERTINFO
option to allow applications torequest details to be returned about a servers certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Curl | Haxx | * | 7.83.1 (excluding) |