Lucene search
Veracode Vulnerability DatabaseVERACODE:46220HistoryApr 05, 2024 - 2:09 a.m.
TLS Certificate Check Bypass
2024-04-0502:09:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
vulnerability
tls certificate
libcurl
mbedtls
ip address
certificate check
https
ftps
imaps
pops3
smtps
libcurl is vulnerable to TLS Certificate Check Bypass. The vulnerability is caused due to libcurl not checking the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address. This leads to completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).
Related
wolfi
wolfi
CVE-2024-2466 vulnerabilities
2024-07-03 09:08:38
alpinelinux
alpinelinux
CVE-2024-2466
2024-03-27 08:15:41
nvd
nvd
CVE-2024-2466
2024-03-27 08:15:41
cvelist
cvelist
CVE-2024-2466 TLS certificate check bypass with mbedTLS
2024-03-27 07:58:24
redhatcve
redhatcve
CVE-2024-2466
2024-03-27 09:27:25
osv
osv
CVE-2024-2466
2024-03-27 08:15:41
TLS certificate check bypass with mbedTLS
2024-03-27 08:00:00
nessus
nessus
Curl 8.5.0 < 8.7.0 TLS Certificate Check Bypass (CVE-2024-2466)
2024-03-29 00:00:00
hackerone
hackerone
ubuntucve
ubuntucve
CVE-2024-2466
2024-03-27 00:00:00
cve
cve
CVE-2024-2466
2024-03-27 08:15:41
cgr
cgr
CVE-2024-2466 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2024-2466
2024-03-27 08:15:41
ibm
ibm
openvas
openvas
Slackware: Security Advisory (SSA:2024-087-01)
2024-03-28 00:00:00
Mageia: Security Advisory (MGASA-2024-0099)
2024-04-05 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2024-03-29 06:49:09
slackware
slackware
[slackware-security] curl
2024-03-27 19:16:33
redhat
redhat