libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
{ "CWE": { "id": "CWE-295", "desc": "Improper Certificate Validation" }, "award": { "amount": "540", "currency": "USD" }, "URL": "https://curl.se/docs/CVE-2024-2379.json", "package": "curl", "severity": "Low", "issue": "https://hackerone.com/reports/2410774", "www": "https://curl.se/docs/CVE-2024-2379.html", "last_affected": "8.6.0" }