Lucene search

K

GoogleOSV:CVE-2024-2379

HistoryMar 27, 2024 - 8:15 a.m.

CVE-2024-2379

2024-03-2708:15:41

Google

osv.dev

6

cve-2024-2379

libcurl

certificate verification

quic

wolfssl

cipher

curve

software

security bypass

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

13.5%

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

References

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/19

seclists.org/fulldisclosure/2024/Jul/20

www.openwall.com/lists/oss-security/2024/03/27/2

curl.se/docs/CVE-2024-2379.html

curl.se/docs/CVE-2024-2379.json

hackerone.com/reports/2410774

security-tracker.debian.org/tracker/CVE-2024-2379

security.alpinelinux.org/vuln/CVE-2024-2379

security.netapp.com/advisory/ntap-20240531-0001/

support.apple.com/kb/HT214118

support.apple.com/kb/HT214119

support.apple.com/kb/HT214120

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

13.5%

Related for OSV:CVE-2024-2379

alpinelinux1 hackerone2 nessus9 veracode1 osv3 cve1 vulnrichment1 wolfi1 nvd1 ubuntucve1 cvelist1 redhatcve1 debiancve1 cgr1 mageia1 openvas5 ibm3 slackware1 redhat2 ics1 apple3