CVE-2024-2379

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
CVSS

No CVSS.

References
Link Resource
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://www.openwall.com/lists/oss-security/2024/03/27/2
https://curl.se/docs/CVE-2024-2379.html
https://curl.se/docs/CVE-2024-2379.json
https://hackerone.com/reports/2410774
https://security.netapp.com/advisory/ntap-20240531-0001/
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
Configurations

No configuration.

History

30 Jul 2024, 02:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/18 -
  • () http://seclists.org/fulldisclosure/2024/Jul/19 -

30 Jul 2024, 01:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/20 -

29 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214118 -
  • () https://support.apple.com/kb/HT214119 -
  • () https://support.apple.com/kb/HT214120 -
Information

Published : 2024-03-27 08:15

Updated : 2024-07-30 02:15

NVD link : CVE-2024-2379

Mitre link : CVE-2024-2379

CVE.ORG link : CVE-2024-2379

JSON object : View

Products Affected

No product.

CWE

No CWE.