PT-2024-2663 · Libcurl +2

Frank Yueh +2 · Published 2024-03-14 · Updated 2026-05-18 · CVE-2024-2466

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

libcurl (affected versions not specified)

Description

The issue is in libcurl's TLS implementation: when libcurl is built to use mbedTLS, it does not check the server certificate on connections to a host specified as an IP address. This affects all uses of TLS protocols, including HTTPS, FTPS, IMAPS, POP3S, SMTPS, etc. A remote attacker can exploit the vulnerability to conduct spoofing attacks.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
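
One way to inventory where the condition in the description applies (an added example, not part of the original record or of libcurl's code): it flags TLS URLs whose host is an IP literal when the `curl --version` banner lists mbedTLS. The function names, banner strings and URLs are constructed for illustration, and no libcurl version check is made because this record does not list affected versions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# TLS-protected schemes named in the description (curl spells POP3S "pop3s").
TLS_SCHEMES = {"https", "ftps", "imaps", "pop3s", "smtps"}

# Constructed banners; all version numbers are placeholders, not real releases.
BANNER_MBEDTLS = "curl 0.0.0 (x86_64-pc-linux-gnu) libcurl/0.0.0 mbedTLS/0.0.0 zlib/0.0.0"
BANNER_OPENSSL = "curl 0.0.0 (x86_64-pc-linux-gnu) libcurl/0.0.0 OpenSSL/0.0.0 zlib/0.0.0"

# Constructed targets, using documentation address ranges and example domains.
SAMPLE_URLS = [
    "https://192.0.2.10/api",
    "https://example.com/api",
    "smtps://[2001:db8::1]:465",
    "http://192.0.2.10/",
    "imaps://mail.example.net",
]


def uses_mbedtls(version_banner: str) -> bool:
    """True if the first line of a `curl --version` banner names mbedTLS."""
    lines = version_banner.strip().splitlines()
    return bool(lines) and re.search(r"\bmbedTLS/", lines[0], re.IGNORECASE) is not None


def is_tls_ip_target(url: str) -> bool:
    """True if the URL uses a TLS scheme and its host is an IPv4/IPv6 literal."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # port and IPv6 brackets are already stripped
        if parts.scheme not in TLS_SCHEMES or not host:
            return False
        ipaddress.ip_address(host.split("%", 1)[0])  # drop any IPv6 zone id
        return True
    except ValueError:  # malformed URL, or host is a name rather than an IP
        return False


def exposed_urls(version_banner: str, urls: list[str]) -> list[str]:
    """URLs meeting both conditions: mbedTLS build and IP-literal TLS host."""
    if not uses_mbedtls(version_banner):
        return []
    return [u for u in urls if is_tls_ip_target(u)]


if __name__ == "__main__":
    for url in exposed_urls(BANNER_MBEDTLS, SAMPLE_URLS):
        print("review:", url)
```
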

Related Identifiers

AZL-37077
AZL-37103
AZL-42972
BDU:2024-02736
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2024-2466
JLSEC-2026-417
MGASA-2024-0099
OPENSUSE-SU-2024:13805-1
RHSA-2024:2693
SUSE-SU-2025:20029-1

Affected Products

IBM AIX
Apple macOS
libcurl