CVE-2024-55581

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-55581

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55581.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-55581

Downstream

DEBIAN-CVE-2024-55581

DLA-4080-1

UBUNTU-CVE-2024-55581

Published

2025-02-26T22:15:14Z

Modified

2025-04-07T18:39:22Z

Summary

[none]

Details

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).

References

https://docs.adacore.com/corp/security-advisories/SEC.AWS-0056-v1.pdf
https://lists.debian.org/debian-lts-announce/2025/03/msg00007.html

CVE-2024-55581

Affected packages