CVE Vulnerabilities

CVE-2024-2379

Improper Certificate Validation

Published: Mar 27, 2024 | Modified: Jul 30, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
5.4 LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Ubuntu
LOW

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Curl Haxx 8.6.0 (including) 8.6.0 (including)
Curl Ubuntu upstream *

Potential Mitigations

References