libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
ssvc
|
MITRE
Status: PUBLISHED
Assigner: curl
Published: 2024-03-27T07:56:41.158Z
Updated: 2024-11-14T19:51:37.916Z
Reserved: 2024-03-11T14:39:01.543Z
Link: CVE-2024-2379
Vulnrichment
Updated: 2024-08-01T19:11:53.464Z
NVD
Status : Awaiting Analysis
Published: 2024-03-27T08:15:41.230
Modified: 2024-11-21T09:09:37.570
Link: CVE-2024-2379
Redhat