AVG-2887 log
Package | curl |
Status | Not affected |
Severity | Medium |
Type | certificate verification bypass |
Affected | 8.13.0-2 |
Fixed | Not affected |
Current | 8.14.1-1 [core] |
Ticket | None |
Created | Thu May 29 19:13:36 2025 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2025-5025 | Medium | Yes | Certificate verification bypass | libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC... |
CVE-2025-4947 | Medium | Yes | Certificate verification bypass | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it... |