A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used.

References

bugzilla.redhat.com/show_bug.cgi?id=2270499

curl.se/docs/CVE-2024-2379.html

nvd.nist.gov/vuln/detail/CVE-2024-2379

www.cve.org/CVERecord?id=CVE-2024-2379

osv 4

cve 1

vulnrichment 1

wolfi 1

nvd 1

alpinelinux 1

hackerone 2

nessus 9

veracode 1

ubuntucve 1

cvelist 1

debiancve 1

cgr 1

mageia 1

openvas 5

slackware 1

ibm 3

redhat 2

ics 1

apple 3

osv

QUIC certificate check bypass with wolfSSL

2024-03-27 08:00:00

CVE-2024-2379

2024-03-27 08:15:41

CGA-8qrc-rj3g-jgxw

2024-06-06 12:25:42

cve

CVE-2024-2379

2024-03-27 08:15:41

vulnrichment

CVE-2024-2379 QUIC certificate check bypass with wolfSSL

2024-03-27 07:56:41

wolfi

CVE-2024-2379 vulnerabilities

2024-09-30 03:53:08

nvd

CVE-2024-2379

2024-03-27 08:15:41

alpinelinux

CVE-2024-2379

2024-03-27 08:15:41

hackerone

curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL

2024-03-10 21:32:06

Internet Bug Bounty: CVE-2024-2379: QUIC certificate check bypass with wolfSSL

2024-03-27 16:39:42

nessus

Curl 8.6.0 < 8.7.0 QUIC Certificate Check Bypass (CVE-2024-2379)

2024-03-29 00:00:00

Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)

2024-03-27 00:00:00

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 (RHSA-2024:2693)

2024-05-07 00:00:00

veracode

Certificate Validation

2024-04-06 00:34:26

ubuntucve

CVE-2024-2379

2024-03-27 00:00:00

cvelist

CVE-2024-2379 QUIC certificate check bypass with wolfSSL

2024-03-27 07:56:41

debiancve

CVE-2024-2379

2024-03-27 08:15:41

cgr

CVE-2024-2379 vulnerabilities

2024-05-19 03:07:16

mageia

Updated curl packages fix security vulnerabilities

2024-03-29 06:49:09

openvas

Slackware: Security Advisory (SSA:2024-087-01)

2024-03-28 00:00:00

Mageia: Security Advisory (MGASA-2024-0099)

2024-04-05 00:00:00

Apple MacOSX Security Update (HT214118)

2024-07-30 00:00:00

slackware

[slackware-security] curl

2024-03-27 19:16:33

ibm

Security Bulletin: PowerSC is vulnerable to security restrictions bypass and denial of service due to Curl

2024-06-28 19:04:01

Security Bulletin: IBM QRadar Wincollect is using components with known vulnerabilities

2024-07-09 17:03:12

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.

2024-09-08 15:34:03

redhat

(RHSA-2024:2694) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 security update

2024-05-07 15:42:50

(RHSA-2024:2693) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 security update

2024-05-07 15:42:47

ics

Siemens SINEMA

2024-09-12 12:00:00

apple

About the security content of macOS Monterey 12.7.6

2024-07-29 00:00:00

About the security content of macOS Ventura 13.6.8

2024-07-29 00:00:00

About the security content of macOS Sonoma 14.6

2024-07-29 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

Confidence

Low

EPSS

Percentile

13.5%

JSON

Related for RH:CVE-2024-2379