Sign In

CVE-2024-2379

ADVISORY - nist

Summary

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

EPSS Score: 0.00203 (0.429)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo

ADVISORY - redhat

CWE-295

Improper Certificate Validation

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2024-2379
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-noinfo

CVSS SCORE

6.3medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2024-2379
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2024-2379
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2024-2379
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2024-2379
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-295

CVSS SCORE

5.4low

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-8qrc-rj3g-jgxw

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY