DEBIAN-CVE-2024-2379

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-2379

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-2379.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-2379

Upstream

CVE-2024-2379

Published

2024-03-27T08:15:41Z

Modified

2025-09-30T05:19:04.409249Z

Summary

[none]

Details

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

References

https://security-tracker.debian.org/tracker/CVE-2024-2379

Affected packages

Debian:11 / curl

Package

Name: curl
Purl: pkg:deb/debian/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.74.0-1.3

7.74.0-1.3+deb11u1

7.74.0-1.3+deb11u2

7.74.0-1.3+deb11u3

7.74.0-1.3+deb11u4

7.74.0-1.3+deb11u5

7.74.0-1.3+deb11u6

7.74.0-1.3+deb11u7~bpo11+1

7.74.0-1.3+deb11u7

7.74.0-1.3+deb11u8

7.74.0-1.3+deb11u9

7.74.0-1.3+deb11u10

7.74.0-1.3+deb11u11

7.74.0-1.3+deb11u12

7.74.0-1.3+deb11u13

7.74.0-1.3+deb11u14

7.74.0-1.3+deb11u15

7.79.1-1

7.79.1-2

7.79.1-3~exp1

7.79.1-3~exp2

7.80.0-1

7.80.0-2

7.80.0-3

7.81.0-1~bpo11+1

7.81.0-1

7.82.0-1

7.82.0-2~bpo11+1

7.82.0-2

7.83.0-1

7.83.1-1

7.83.1-2

7.84.0-1

7.84.0-2~bpo11+1

7.84.0-2

7.85.0-1~bpo11+1

7.85.0-1

7.86.0-1

7.86.0-2

7.86.0-3

7.87.0-1~bpo11+1

7.87.0-1

7.87.0-2~bpo11+1

7.87.0-2

7.88.1-1~bpo11+1

7.88.1-1

7.88.1-2~exp1

7.88.1-2~exp2

7.88.1-2~exp3

7.88.1-2~exp4

7.88.1-2

7.88.1-3

7.88.1-4

7.88.1-5

7.88.1-6

7.88.1-7~bpo11+1

7.88.1-7~bpo11+2

7.88.1-7~exp1

7.88.1-7

7.88.1-8~exp1

7.88.1-8

7.88.1-9

7.88.1-10

7.88.1-11

8.*

8.0.1-1~exp1

8.2.1-1

8.2.1-2~bpo12+1

8.2.1-2

8.3.0-1

8.3.0-2~bpo12+1

8.3.0-2~exp1

8.3.0-2

8.3.0-3

8.4.0-1

8.4.0-2~bpo12+1

8.4.0-2

8.5.0-1

8.5.0-1+exp1

8.5.0-2~bpo12+1

8.5.0-2

8.5.0-2+exp1

8.6.0-1

8.6.0-1.1

8.6.0-2

8.6.0-3

8.6.0-3.1~exp1

8.6.0-3.1~exp2

8.6.0-3.1

8.6.0-3.2

8.6.0-4

8.7.1-1

8.7.1-1+exp1

8.7.1-2

8.7.1-3

8.7.1-4

8.7.1-5~bpo12+1

8.7.1-5

8.7.1-5+exp1

8.8.0-1~bpo12+1

8.8.0-1

8.8.0-1+exp1

8.8.0-1+exp2

8.8.0-2

8.8.0-3

8.8.0-4

8.9.0-1

8.9.0-2

8.9.0-3

8.9.1-1

8.9.1-2~bpo12+1

8.9.1-2

8.10.0-1

8.10.0-2

8.10.1-1~bpo12+1

8.10.1-1

8.10.1-2

8.11.0-1

8.11.1-1~bpo12+1

8.11.1-1

8.12.0+git20250209.89ed161+ds-1~bpo12+1

8.12.0+git20250209.89ed161+ds-1

8.12.1-1

8.12.1-2~bpo12+1

8.12.1-2

8.12.1-3~bpo12+1

8.12.1-3

8.13.0~rc-1~exp1

8.13.0~rc-1~exp2

8.13.0~rc2-1

8.13.0~rc2-2

8.13.0~rc3-1

8.13.0~rc3-1+exp1

8.13.0-1

8.13.0-1+exp1

8.13.0-2

8.13.0-2+exp1

8.13.0-3

8.13.0-4

8.13.0-4+exp1

8.13.0-5~bpo12+1

8.13.0-5

8.13.0-5+exp1

8.14.0~rc1-1+exp1

8.14.0~rc2-1+exp1

8.14.0~rc3-1+exp1

8.14.0-1

8.14.0-1+exp1

8.14.1-1~bpo12+1

8.14.1-1

8.14.1-2~bpo12+1

8.14.1-2

8.14.1-2+exp1

8.15.0~rc1-1exp1

8.15.0~rc2-1~exp1

8.15.0~rc3-1~exp1

8.15.0-1~bpo13+1

8.15.0-1~exp1

8.15.0-1

8.16.0~rc1-1~exp1

8.16.0~rc2-1

8.16.0~rc2-2

8.16.0~rc3-1

8.16.0-1~bpo13+1

8.16.0-1

8.16.0-1+exp1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / curl

Package

Name: curl
Purl: pkg:deb/debian/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.88.1-10

7.88.1-10+deb12u1~bpo11+1

7.88.1-10+deb12u1

7.88.1-10+deb12u2

7.88.1-10+deb12u3~bpo11+1

7.88.1-10+deb12u3

7.88.1-10+deb12u4

7.88.1-10+deb12u5~bpo11+1

7.88.1-10+deb12u5

7.88.1-10+deb12u6~bpo11+1

7.88.1-10+deb12u6

7.88.1-10+deb12u7

7.88.1-10+deb12u8

7.88.1-10+deb12u9

7.88.1-10+deb12u11

7.88.1-10+deb12u12

7.88.1-10+deb12u13

7.88.1-10+deb12u14

7.88.1-11

8.*

8.0.1-1~exp1

8.2.1-1

8.2.1-2~bpo12+1

8.2.1-2

8.3.0-1

8.3.0-2~bpo12+1

8.3.0-2~exp1

8.3.0-2

8.3.0-3

8.4.0-1

8.4.0-2~bpo12+1

8.4.0-2

8.5.0-1

8.5.0-1+exp1

8.5.0-2~bpo12+1

8.5.0-2

8.5.0-2+exp1

8.6.0-1

8.6.0-1.1

8.6.0-2

8.6.0-3

8.6.0-3.1~exp1

8.6.0-3.1~exp2

8.6.0-3.1

8.6.0-3.2

8.6.0-4

8.7.1-1

8.7.1-1+exp1

8.7.1-2

8.7.1-3

8.7.1-4

8.7.1-5~bpo12+1

8.7.1-5

8.7.1-5+exp1

8.8.0-1~bpo12+1

8.8.0-1

8.8.0-1+exp1

8.8.0-1+exp2

8.8.0-2

8.8.0-3

8.8.0-4

8.9.0-1

8.9.0-2

8.9.0-3

8.9.1-1

8.9.1-2~bpo12+1

8.9.1-2

8.10.0-1

8.10.0-2

8.10.1-1~bpo12+1

8.10.1-1

8.10.1-2

8.11.0-1

8.11.1-1~bpo12+1

8.11.1-1

8.12.0+git20250209.89ed161+ds-1~bpo12+1

8.12.0+git20250209.89ed161+ds-1

8.12.1-1

8.12.1-2~bpo12+1

8.12.1-2

8.12.1-3~bpo12+1

8.12.1-3

8.13.0~rc-1~exp1

8.13.0~rc-1~exp2

8.13.0~rc2-1

8.13.0~rc2-2

8.13.0~rc3-1

8.13.0~rc3-1+exp1

8.13.0-1

8.13.0-1+exp1

8.13.0-2

8.13.0-2+exp1

8.13.0-3

8.13.0-4

8.13.0-4+exp1

8.13.0-5~bpo12+1

8.13.0-5

8.13.0-5+exp1

8.14.0~rc1-1+exp1

8.14.0~rc2-1+exp1

8.14.0~rc3-1+exp1

8.14.0-1

8.14.0-1+exp1

8.14.1-1~bpo12+1

8.14.1-1

8.14.1-2~bpo12+1

8.14.1-2

8.14.1-2+exp1

8.15.0~rc1-1exp1

8.15.0~rc2-1~exp1

8.15.0~rc3-1~exp1

8.15.0-1~bpo13+1

8.15.0-1~exp1

8.15.0-1

8.16.0~rc1-1~exp1

8.16.0~rc2-1

8.16.0~rc2-2

8.16.0~rc3-1

8.16.0-1~bpo13+1

8.16.0-1

8.16.0-1+exp1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / curl

Package

Name: curl
Purl: pkg:deb/debian/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.7.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / curl

Package

Name: curl
Purl: pkg:deb/debian/curl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.7.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}