From Learn to Tb leaks, HAXX libcurl security vulnerability

Haxx is a bunch of friends who work as software developers and hackers in Sweden. Haxx developers do embedded programming, realtime magic, network deep dives and all this mostly on Linux.

HAXX libcurl is an open source client-side URL transfer library from the Swedish company Haxx (HAXX). It supports protocols including FTP, SFTP, TFTP and HTTP.

A security flaw has been found in libcurl. The flaw lies in libcurl's weak OCSP verification; an attacker may exploit it to act as a man-in-the-middle and read or write data in a session.

References:

access.redhat.com/security/cve/cve-2020-8286

www.auscert.org.au/bulletins/ESB-2020.4343/