Описание
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not compiled |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | not-affected | code not compiled |
| plucky | not-affected | code not compiled |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
libcurl accidentally skips the certificate verification for QUIC conne ...
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
EPSS
6.5 Medium
CVSS3