DEBIAN-CVE-2024-2379

DEBIAN-CVE-2024-2379 PUBLISHED CVSS 6.300000190734863 MEDIUM

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

Risk Scores

CVSS 3.1

6.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Debian:13	curl	0, 0
Debian:14	curl	0, 0
Debian:11	curl	8.17.0-2, 8.14.0~rc1-1+exp1, 8.14.0~rc2-1+exp1
Debian:12	curl	7.88.1-10+deb12u2, 7.88.1-10+deb12u3, 7.88.1-10+deb12u3~bpo11+1

Exploit Intelligence

macos_v2_generated.go (github-poc)
glcve_test.go (github-poc)
macos_v1_generated.go (github-poc)

Timeline

Mar 27, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-2379 advisory

Open in Interactive Console →