Search for vulnerabilities
| Vulnerability ID | VCID-hj8v-tgnn-mfdw |
| Aliases |
CVE-2016-9953
|
| Summary | The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 4.8 |
| Risk | 2.4 |
| Affected and Fixed Packages | Package Details |
| CWE-126 | Buffer Over-read |
| System | Score | Found at |
|---|---|---|
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| epss | 0.01854 | https://api.first.org/data/v1/epss?cve=CVE-2016-9953 |
| cvssv3.1 | Medium | https://curl.se/docs/CVE-2016-9953.html |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2016-9953 | ||
| https://curl.se/docs/CVE-2016-9953.html |
| Percentile | 0.82946 |
| EPSS Score | 0.01854 |
| Published At | April 1, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T17:48:56.027933+00:00 | EPSS Importer | Import | https://epss.cyentia.com/epss_scores-current.csv.gz | 38.0.0 |