CURL-CVE-2025-4947

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2025-4947.html

Import Source

https://curl.se/docs/CURL-CVE-2025-4947.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2025-4947

Aliases

CVE-2025-4947

Published

2025-05-28T08:00:00Z

Modified

2025-05-28T08:10:29Z

Summary

QUIC certificate check skip with wolfSSL

Details

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

Database specific

{
    "www": "https://curl.se/docs/CVE-2025-4947.html",
    "URL": "https://curl.se/docs/CVE-2025-4947.json",
    "CWE": {
        "desc": "Improper Certificate Validation",
        "id": "CWE-295"
    },
    "affects": "both",
    "issue": "https://hackerone.com/reports/3150884",
    "last_affected": "8.13.0",
    "award": {
        "amount": "2540",
        "currency": "USD"
    },
    "severity": "Medium",
    "package": "curl"
}

References

Credits

- Hiroki Kurosawa - FINDER
- Stefan Eissing - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

8.8.0

Fixed

8.14.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

4c46e277b2a0c0489de0e0fcb91f315c62f0369c

Fixed

a85f1df4803bbd272905c9e712537b41afeafbd3

Affected versions

8.*

8.10.0

8.10.1

8.11.0

8.11.1

8.12.0

8.12.1

8.13.0

8.8.0

8.9.0

8.9.1

Database specific

{
    "vanir_signatures": [
        {
            "id": "CURL-CVE-2025-4947-43902428",
            "digest": {
                "line_hashes": [
                    "80211781897125907216617466032987610984",
                    "68890303834346341213727486246797762367",
                    "52142079782883376964682183668234246364",
                    "68749118774670511271813411320118219036",
                    "257651649534267240063617473881008983603",
                    "72459915854897445456226013568529407607",
                    "246962167824758465144668491832284230541",
                    "148486550461138867129576406502765894046",
                    "47205215324501448097833419745667265918",
                    "97386622391566701874344023816512674624",
                    "265537291877676368672848132467158892736"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "target": {
                "file": "lib/vquic/vquic-tls.c"
            },
            "source": "https://github.com/curl/curl.git/commit/a85f1df4803bbd272905c9e712537b41afeafbd3",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CURL-CVE-2025-4947-74a0efb0",
            "digest": {
                "length": 963.0,
                "function_hash": "56537916447733253337736822579741998455"
            },
            "signature_version": "v1",
            "target": {
                "function": "Curl_vquic_tls_verify_peer",
                "file": "lib/vquic/vquic-tls.c"
            },
            "source": "https://github.com/curl/curl.git/commit/a85f1df4803bbd272905c9e712537b41afeafbd3",
            "deprecated": false,
            "signature_type": "Function"
        }
    ]
}