CVE-2024-2379

ADVISORY - nist

Summary

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

EPSS Score⁠: 0.00044 (0.140)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - redhat

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

NIST

CREATED

7 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2024-2379⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

RATING UNAVAILABLE FROM ADVISORY

Alpine

CREATED

7 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2024-2379⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

7 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-2379⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDCVE-2024-2379⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDCVE-2024-2379⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-295⁠

CVSS SCORE

5.4low

Chainguard

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

CGA-8qrc-rj3g-jgxw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY