CVE-2024-2379

Name
CVE-2024-2379
Description
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
NVD Severity
unknown

References

Type URI
2499f714-1537-4658-8207-48ae4bb9eae9 https://curl.se/docs/CVE-2024-2379.html
2499f714-1537-4658-8207-48ae4bb9eae9 https://curl.se/docs/CVE-2024-2379.json
2499f714-1537-4658-8207-48ae4bb9eae9 https://hackerone.com/reports/2410774
2499f714-1537-4658-8207-48ae4bb9eae9 http://www.openwall.com/lists/oss-security/2024/03/27/2

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status