CVE-2024-2379
27.03.2024, 08:15
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 8.6.0 |
| apple | macos | 𝑥 < 12.7.6 |
| apple | macos | 13.0 ≤ 𝑥 < 13.6.8 |
| apple | macos | 14.0 ≤ 𝑥 < 14.6 |
| netapp | active_iq_unified_manager | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | h300s_firmware | - |
| netapp | h410s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h610c_firmware | - |
| netapp | h610s_firmware | - |
| netapp | h615c_firmware | - |
| netapp | h700s_firmware | - |
| netapp | bootstrap_os | - |
𝑥 = Vulnerable software versions