libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
Improper Certificate Validation
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/curl | deb | debian | 12 | >=7.88.1-10+deb12u5 | Not yet available |
| debian/curl | deb | debian | 11 | >=7.74.0-1.3+deb11u11 | Not yet available |
| debian/curl | deb | debian | 13 | <8.7.1-1 | 8.7.1-1 |
| debian/curl | deb | debian | 10 | >=7.64.0-4+deb10u2 | Not yet available |
| debian/curl | deb | debian | unstable | <8.7.1-1 | 8.7.1-1 |
Severity and metrics
No CVSS data available from this source.
-
-
-
2.8
CVE-2024-2379
-
CVE-2024-2379
-