Sign In

CVE-2024-2466

ADVISORY - nist

Summary

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).

EPSS Score: 0.00149 (0.359)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-297

Improper Validation of Certificate with Host Mismatch

ADVISORY - redhat

CWE-297

Improper Validation of Certificate with Host Mismatch

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2024-2466
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-297

CVSS SCORE

6.5medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2024-2466
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2024-2466
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2024-2466
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2024-2466
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-297

CVSS SCORE

5.3medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-9ch7-64c5-2ffr

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-hx4m-3q2w-96wj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY