Lucene search
CurlCVELIST:CVE-2024-2379HistoryMar 27, 2024 - 7:56 a.m.
CVE-2024-2379 QUIC certificate check bypass with wolfSSL
2024-03-2707:56:41
curl
www.cve.org
1
cve-2024-2379
certificate verification
libcurl
quic
wolfssl
cipher
curve
error path
security vulnerability
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
CNA Affected
[
{
"vendor": "curl",
"product": "curl",
"versions": [
{
"version": "8.6.0",
"status": "affected",
"lessThanOrEqual": "8.6.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
cve
cve
CVE-2024-2379
2024-03-27 08:15:41
osv
osv
QUIC certificate check bypass with wolfSSL
2024-03-27 08:00:00
CVE-2024-2379
2024-03-27 08:15:41
wolfi
wolfi
CVE-2024-2379 vulnerabilities
2024-07-03 09:08:38
hackerone
hackerone
curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL
2024-03-10 21:32:06
nessus
nessus
alpinelinux
alpinelinux
CVE-2024-2379
2024-03-27 08:15:41
veracode
veracode
Certificate Validation
2024-04-06 00:34:26
nvd
nvd
CVE-2024-2379
2024-03-27 08:15:41
ubuntucve
ubuntucve
CVE-2024-2379
2024-03-27 00:00:00
redhatcve
redhatcve
CVE-2024-2379
2024-03-27 09:27:05
cgr
cgr
CVE-2024-2379 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2024-2379
2024-03-27 08:15:41
ibm
ibm
mageia
mageia
Updated curl packages fix security vulnerabilities
2024-03-29 06:49:09
openvas
openvas
Slackware: Security Advisory (SSA:2024-087-01)
2024-03-28 00:00:00
Mageia: Security Advisory (MGASA-2024-0099)
2024-04-05 00:00:00
slackware
slackware
[slackware-security] curl
2024-03-27 19:16:33
redhat
redhat