
12 matches found

Debian CVE
added 2026/01/08 10:0 a.m., 5 views

CVE-2025-13034

When using the CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

CVSS 5.9, AI score 6.4, EPSS 0.00227
Exploits: 0
Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2024-2379)

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. This plugin only works wi...

CVSS 6.3, AI score 6.7, EPSS 0.01709
Exploits: 1, References: 7
SUSE Linux
added 2025/09/12 12:15 p.m., 5 views

Security update for curl

This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks...

CVSS 8.3, AI score 7.6, EPSS 0.01301
Exploits: 7, References: 36
Vulnrichment
added 2025/05/28 6:29 a.m., 10 views

CVE-2025-5025 No QUIC certificate pinning with wolfSSL

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

AI score 6.7, EPSS 0.00241
Exploits: 2, References: 3
CVE
added 2025/05/28 6:29 a.m., 121 views

CVE-2025-5025

CVSS/summary: CVE-2025-5025 affects libcurl’s server public key pinning for HTTPS when using QUIC/HTTP/3 with wolfSSL as TLS backend. The vulnerability arises from an omission where the pinning check is not performed for QUIC/HTTP/3 connections, even though documentation states the feature works ...

CVSS 4.8, AI score 6.5, EPSS 0.00241
Exploits: 2, References: 4, Affected Software: 1
FreeBSD
added 2025/05/28 12:0 a.m., 9 views

curl -- Multiple vulnerabilities

curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL CVE-2025-4947: QUIC certificate check skip with wolfSSL...

CVSS 6.5, AI score 7.4, EPSS 0.00241
Exploits: 3, References: 2
Hacker One
added 2025/05/19 4:1 p.m., 465 views

curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL

Summary: When using wolfSSL as the TLS backend, certificate pinning does not work when using HTTP/3. The code should invoke wssl_verify_pinned, but it has not been implemented. Affected version curl -V WARNING: this libcurl is Debug-enabled, do not use in production curl 8.13.0 x86_64-pc-linux-gnu...

CVSS 4.8, AI score 6.7, EPSS 0.00241
Exploits: 2
Hacker One
added 2025/05/17 6:1 a.m., 469 views

curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Summary: When using WolfSSL as the TLS backend, there is an issue where the CN or SAN in the certificate is not verified when connecting to an IP address over HTTP/3. wolfSSL_X509_check_host is only called when peer->sni is not NULL. However, when an IP address is specified, peer->sni is NULL, so the...

CVSS 6.5, AI score 6.6, EPSS 0.00236
Exploits: 1
SUSE Linux
added 2025/02/03 8:51 a.m., 1 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2024-7264: ASN.1 date parser overread (bsc#1228535); CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888); CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666); CVE-2024-2466: TLS certificate check bypa...

CVSS 7.5, AI score 7.6, EPSS 0.36081
Exploits: 6, References: 24
OSV
added 2025/02/03 8:51 a.m., 5 views

SUSE-SU-2025:20029-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888) - CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666) - CVE-2024-2466: TLS certificate...

CVSS 8.6, AI score 7.1, EPSS 0.36081
Exploits: 6, References: 13
Slackware Linux
added 2024/03/27 7:16 p.m., 37 views

[slackware-security] curl

New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.7.1-i586-1slack15.0.txz: Upgraded. This release fixes the following security issues: TLS certificate check bypass with mbedTLS...

CVSS 8.6, AI score 7.5, EPSS 0.36081
Exploits: 4
Hacker One
added 2024/03/27 4:39 p.m., 76 views

Internet Bug Bounty: CVE-2024-2379: QUIC certificate check bypass with wolfSSL

CVE-2024-2379 was a vulnerability in libcurl's QUIC implementation where certificate verification was skipped under certain conditions when using the wolfSSL library. The vulnerability was caused by an error path that accidentally returned success when encountering unknown or unsupported ciphers ...

CVSS 6.3, AI score 6.5, EPSS 0.01709
Exploits: 1