AVG-2887 log
| Package | curl |
| Status | Not affected |
| Severity | Medium |
| Type | certificate verification bypass |
| Affected | 8.13.0-2 |
| Fixed | Not affected |
| Current | 8.17.0-2 [core] |
| Ticket | None |
| Created | Thu May 29 19:13:36 2025 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2025-5025 | Medium | Yes | Certificate verification bypass | libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC... |
| CVE-2025-4947 | Medium | Yes | Certificate verification bypass | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it... |