cURL / Mailing Lists / curl-library / Single Mail


Is libcurl/curl affected by OpenSSL "DH small subgroups (CVE-2016-0701)"?

From: Dana Burd <>
Date: Fri, 29 Jan 2016 06:38:25 +0000

Wise curl folks,

There's a new "high severity" vulnerability in OpenSSL 1.0.2:

I'm curious if curl-7.40.0 is affected at all. I poked around the source, but it's a bit over my head. Any insights appreciated...
If curl-7.40.0 is affected, pointers on how to patch with the right OpenSSL option is even more appreciated!


Dana Burd

List admin:
Received on 2016-01-29