CVE-2024-2379
ADVISORY - debian
Summary
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
- curl 8.7.1-1 (unimportant)
https://curl.se/docs/CVE-2024-2379.html
Introduced by: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7fe57e (curl-8_6_0)
Fixed by: https://github.com/curl/curl/commit/aedbbdf18e689a5eee8dc39600914f5eda6c409c (curl-8_7_0)
curl in Debian not built with wolfSSL support
EPSS Score: 0.00276 (0.507)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - redhat
Improper Certificate Validation
Debian
CREATED
UPDATED
ADVISORY ID
CVE-2024-2379
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
N/A low

Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/curl | deb | debian | 12 | >=7.88.1-10+deb12u12 | Not yet available |
debian/curl | deb | debian | 11 | >=7.74.0-1.3+deb11u13 | Not yet available |
debian/curl | deb | debian | 13 | <8.7.1-1 | 8.7.1-1 |
debian/curl | deb | debian | unstable | <8.7.1-1 | 8.7.1-1 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY ID
CVE-2024-2379
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.3 medium
Alpine
CREATED
UPDATED
ADVISORY ID
CVE-2024-2379
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Ubuntu
CREATED
UPDATED
ADVISORY ID
CVE-2024-2379
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
N/A low
Red Hat
CREATED
UPDATED
ADVISORY ID
CVE-2024-2379
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.4 low
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-8qrc-rj3g-jgxw
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-