Lucene search
Ubuntu.comUB:CVE-2024-2466HistoryMar 27, 2024 - 12:00 a.m.
CVE-2024-2466
2024-03-2700:00:00
ubuntu.com
ubuntu.com
8
libcurl
tls
ip address
mbedtls
certificate check
https
ftps
imaps
pops3
smtps
libcurl did not check the server certificate of TLS connections done to a
host specified as an IP address, when built to use mbedTLS. libcurl would
wrongly avoid using the set hostname function when the specified hostname
was given as an IP address, therefore completely skipping the certificate
check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3,
SMTPS, etc).
Notes
| Author | Note |
|---|---|
| mdeslaur | Ubuntu package does not use the wolfSSL backend. affects curl 8.5.0 to and including 8.6.0 introduced in https://github.com/curl/curl/commit/fa714830e92cba7b16b9d3f |
Related
redhatcve
redhatcve
CVE-2024-2466
2024-03-27 09:27:25
cvelist
cvelist
CVE-2024-2466 TLS certificate check bypass with mbedTLS
2024-03-27 07:58:24
alpinelinux
alpinelinux
CVE-2024-2466
2024-03-27 08:15:41
wolfi
wolfi
CVE-2024-2466 vulnerabilities
2024-06-02 03:07:39
osv
osv
CVE-2024-2466
2024-03-27 08:15:41
cgr
cgr
CVE-2024-2466 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2024-2466
2024-03-27 08:15:41
cve
cve
CVE-2024-2466
2024-03-27 08:15:41
nessus
nessus
Curl 8.5.0 < 8.7.0 TLS Certificate Check Bypass (CVE-2024-2466)
2024-03-29 00:00:00
veracode
veracode
TLS Certificate Check Bypass
2024-04-05 02:09:20
hackerone
hackerone
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0099)
2024-04-05 00:00:00
Slackware: Security Advisory (SSA:2024-087-01)
2024-03-28 00:00:00
slackware
slackware
[slackware-security] curl
2024-03-27 19:16:33
mageia
mageia
Updated curl packages fix security vulnerabilities
2024-03-29 06:49:09
redhat
redhat