Gentoo Linux Security Advisory GLSA 200909-20 – An error in the X.509 certificate handling of cURL might enable remote attackers to conduct man-in-the-middle attacks. Scott Cantor reported that cURL does not properly handle fields in X.509 certificates that contain an ASCII NUL ( ) character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike. Versions less than 7.19.6 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/81658/glsa-200909-20.txt
Source: https://packetstormsecurity.com/files/81658/Gentoo-Linux-Security-Advisory-200909-20.html