Home > Vulnerability Database > CVE-2024-45289

Mend.io Vulnerability Database

CVE-2024-45289

Date: November 12, 2024

The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.

Language: C

Severity Score

7.5

Related Resources (4)

Url: https://security.netapp.com/advisory/ntap-20250110-0001/

Url: https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45289

Url: https://www.mend.io/vulnerability-database/CVE-2024-45289

Severity Score

7.5

Weakness Type (CWE)

Improper Initialization

CWE-665

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45289

Date: November 12, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?