漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
No QUIC certificate pinning with wolfSSL
Vulnerability Description
libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
libcurl 安全漏洞
Vulnerability Description
libcurl是cURL开源的一个免费且易于使用的客户端 URL 传输库。 libcurl存在安全漏洞,该漏洞源于QUIC和HTTP/3连接时未执行证书公钥固定检查,可能导致中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A