6.3

CVE-2024-2379

Exploit

QUIC certificate check bypass with wolfSSL

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version8.6.0
ApplemacOS Version < 12.7.6
ApplemacOS Version >= 13.0 < 13.6.8
ApplemacOS Version >= 14.0 < 14.6
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH610c Firmware Version-
   NetappH610c Version-
NetappH610s Firmware Version-
   NetappH610s Version-
NetappH615c Firmware Version-
   NetappH615c Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.71% 0.743
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://seclists.org/fulldisclosure/2024/Jul/18
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT214119
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2024/Jul/19
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/20
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT214118
Vendor Advisory
Release Notes
https://support.apple.com/kb/HT214120
Vendor Advisory
Release Notes
http://www.openwall.com/lists/oss-security/2024/03/27/2
Third Party Advisory
Mailing List
https://curl.se/docs/CVE-2024-2379.html
Vendor Advisory
https://curl.se/docs/CVE-2024-2379.json
Vendor Advisory
https://hackerone.com/reports/2410774
Third Party Advisory
Exploit
Issue Tracking
https://security.netapp.com/advisory/ntap-20240531-0001/
Third Party Advisory