Home > Vulnerability Database > CVE-2024-2466

Mend.io Vulnerability Database

CVE-2024-2466

Good to know:

Date: March 27, 2024

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).

Language: C

Severity Score

5.4

Related Resources (10)

Url: https://seclists.org/oss-sec/2024/q1/256

Url: https://security-tracker.debian.org/tracker/CVE-2024-2466

Url: https://github.com/curl/curl/commit/3d0fd382a29b95561b90b7ea3e7e

Url: https://hackerone.com/reports/2416725

Url: https://curl.se/docs/CVE-2024-2466.html

Url: https://security.netapp.com/advisory/ntap-20240503-0010/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2466

Url: https://curl.se/docs/CVE-2024-2466.json

Url: http://www.openwall.com/lists/oss-security/2024/03/27/4

Url: https://www.mend.io/vulnerability-database/CVE-2024-2466

Severity Score

5.4

Top Fix

Upgrade Version

Upgrade to version curl-8_7_0

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-2466

Good to know:

Date: March 27, 2024

Language: C

Severity Score

Related Resources (10)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?