CVE-2024-2379
QUIC certificate check bypass with wolfSSL
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
libcurl omite la verificación del certificado para una conexión QUIC bajo ciertas condiciones, cuando está diseñado para usar wolfSSL. Si se le indica que utilice un cifrado o curva desconocido/incorrecto, la ruta de error omite accidentalmente la verificación y devuelve OK, ignorando así cualquier problema de certificado.
A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used.
macOS Sonoma 14.6 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-11 CVE Reserved
- 2024-03-27 CVE Published
- 2025-02-13 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (13)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-2379 | 2024-05-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2270499 | 2024-05-07 |