Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-2379HistoryMar 27, 2024 - 8:15 a.m.
CVE-2024-2379
2024-03-2708:15:41
Debian Security Bug Tracker
security-tracker.debian.org
10
libcurl
certificate verification
quic
wolfssl
unix
unknown cipher
curve
error path
security issue
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | <= 7.88.1-10+deb12u6 | curl_7.88.1-10+deb12u6_all.deb |
| Debian | 11 | all | curl | <= 7.74.0-1.3+deb11u12 | curl_7.74.0-1.3+deb11u12_all.deb |
| Debian | 999 | all | curl | < 8.7.1-1 | curl_8.7.1-1_all.deb |
| Debian | 13 | all | curl | < 8.7.1-1 | curl_8.7.1-1_all.deb |
Related
cve
cve
CVE-2024-2379
2024-03-27 08:15:41
osv
osv
CVE-2024-2379
2024-03-27 08:15:41
QUIC certificate check bypass with wolfSSL
2024-03-27 08:00:00
wolfi
wolfi
CVE-2024-2379 vulnerabilities
2024-07-03 09:08:38
hackerone
hackerone
curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL
2024-03-10 21:32:06
alpinelinux
alpinelinux
CVE-2024-2379
2024-03-27 08:15:41
veracode
veracode
Certificate Validation
2024-04-06 00:34:26
nessus
nessus
nvd
nvd
CVE-2024-2379
2024-03-27 08:15:41
ubuntucve
ubuntucve
CVE-2024-2379
2024-03-27 00:00:00
redhatcve
redhatcve
CVE-2024-2379
2024-03-27 09:27:05
cgr
cgr
CVE-2024-2379 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2024-2379 QUIC certificate check bypass with wolfSSL
2024-03-27 07:56:41
ibm
ibm
openvas
openvas
Slackware: Security Advisory (SSA:2024-087-01)
2024-03-28 00:00:00
Mageia: Security Advisory (MGASA-2024-0099)
2024-04-05 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2024-03-29 06:49:09
slackware
slackware
[slackware-security] curl
2024-03-27 19:16:33
redhat
redhat