AVG-2887 log

Package curl
Status Not affected
Severity Medium
Type certificate verification bypass
Affected 8.13.0-2
Fixed Not affected
Current 8.14.1-1 [core]
Ticket None
Created Thu May 29 19:13:36 2025
Issue Severity Remote Type Description
CVE-2025-5025 Medium Yes Certificate verification bypass
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC...
CVE-2025-4947 Medium Yes Certificate verification bypass
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it...