VYPR
Unrated severity · NVD Advisory · Published Mar 27, 2024 · Updated Feb 13, 2025

QUIC certificate check bypass with wolfSSL

CVE-2024-2379

Description

libcurl with wolfSSL skips QUIC certificate verification if an unknown cipher or curve is requested, bypassing all checks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

CVE-2024-2379 affects libcurl when it is built to use the wolfSSL TLS library for QUIC (HTTP/3) connections. If the application asks for an unknown or unsupported cipher suite or elliptic curve, the error path taken while setting that cipher or curve accidentally skips certificate verification and returns success, so any problem with the server certificate is silently ignored. The vulnerable code is only reachable when wolfSSL was compiled with the OPENSSL_COMPATIBLE_DEFAULTS symbol defined, which is not a default setting and is not what wolfSSL's recommended --enable-curl build configuration produces [4]. The flaw was introduced in curl 8.6.0 and fixed in curl 8.7.0, released March 27, 2024; releases before 8.6.0 do not contain it [4].
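To make the failure mode concrete, the following is an added illustration of the bug class, not curl's or wolfSSL's code: a TLS setup routine whose cleanup label returns a result variable that was initialised to success, so an unknown cipher or curve jumps past certificate verification and still reports OK. The hardened form beside it defaults to failure and only reports success after verification has run. The function names, result codes, and the small cipher/curve tables are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Illustration (not curl's or wolfSSL's code) of the error-path bug class
 * behind CVE-2024-2379: a setup routine that must only report success once
 * the peer certificate has been verified, but returns success anyway when an
 * unknown cipher or curve aborts setup early. */

typedef enum {
  RES_OK = 0,
  RES_SSL_CONNECT_ERROR,        /* generic setup failure (constructed code) */
  RES_SSL_CIPHER,               /* cipher or curve not supported */
  RES_PEER_FAILED_VERIFICATION  /* certificate chain rejected */
} result_t;

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed allow-lists standing in for the TLS library's own tables. */
static const char *const KNOWN_CIPHERS[] = {
  "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
  "TLS_CHACHA20_POLY1305_SHA256"
};
static const char *const KNOWN_CURVES[] = { "X25519", "P-256", "P-384" };

static int in_table(const char *const *tbl, size_t n, const char *name)
{
  for (size_t i = 0; i < n; i++)
    if (strcmp(tbl[i], name) == 0)
      return 1;
  return 0;
}

/* Stand-in for chain verification: only the constructed "valid-chain"
 * certificate passes; anything else models a forged or self-signed cert. */
static int chain_verifies(const char *peer_cert)
{
  return strcmp(peer_cert, "valid-chain") == 0;
}

/* Vulnerable shape: `result` starts at RES_OK and the cipher/curve failure
 * branches only log and jump to cleanup. An unknown cipher or curve therefore
 * returns RES_OK without ever reaching the verification step, and the caller
 * goes on using a connection whose certificate was never checked. */
result_t quic_tls_setup_vulnerable(const char *cipher, const char *curve,
                                   const char *peer_cert)
{
  result_t result = RES_OK;

  if (!in_table(KNOWN_CIPHERS, NELEM(KNOWN_CIPHERS), cipher)) {
    fprintf(stderr, "failed setting cipher list: %s\n", cipher);
    goto out;                        /* BUG: result is still RES_OK */
  }
  if (!in_table(KNOWN_CURVES, NELEM(KNOWN_CURVES), curve)) {
    fprintf(stderr, "failed setting curves: %s\n", curve);
    goto out;                        /* BUG: result is still RES_OK */
  }
  if (!chain_verifies(peer_cert)) {
    result = RES_PEER_FAILED_VERIFICATION;
    goto out;
  }
out:
  return result;
}

/* Hardened shape: the result defaults to failure, every early exit sets a
 * specific error, and RES_OK is assigned only after verification succeeded. */
result_t quic_tls_setup_fixed(const char *cipher, const char *curve,
                              const char *peer_cert)
{
  result_t result = RES_SSL_CONNECT_ERROR; /* default-deny */

  if (!in_table(KNOWN_CIPHERS, NELEM(KNOWN_CIPHERS), cipher)) {
    fprintf(stderr, "failed setting cipher list: %s\n", cipher);
    result = RES_SSL_CIPHER;
    goto out;
  }
  if (!in_table(KNOWN_CURVES, NELEM(KNOWN_CURVES), curve)) {
    fprintf(stderr, "failed setting curves: %s\n", curve);
    result = RES_SSL_CIPHER;
    goto out;
  }
  if (!chain_verifies(peer_cert)) {
    result = RES_PEER_FAILED_VERIFICATION;
    goto out;
  }
  result = RES_OK;
out:
  return result;
}

int main(void)
{
  /* Unknown cipher plus a forged certificate: only the fixed path refuses. */
  printf("vulnerable: %d\n",
         quic_tls_setup_vulnerable("NOT_A_CIPHER", "X25519", "forged-chain"));
  printf("fixed:      %d\n",
         quic_tls_setup_fixed("NOT_A_CIPHER", "X25519", "forged-chain"));
  return 0;
}
```

The defensive point is the initial value of `result`: a routine that gates trust decisions should start from failure and earn success, so that any forgotten branch fails closed rather than open.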

Exploitation

No authentication is required, but the attacker does need a network position: they must be able to intercept and answer the client's QUIC traffic as an active machine-in-the-middle, because the bypass only means the server certificate is never validated. A purely passive observer still cannot read the session, since the QUIC handshake uses ephemeral key exchange. The remaining preconditions lie on the client side: the application or user must have requested an unknown or unsupported cipher suite or curve for the QUIC connection (for example through curl's --ciphers or --curves options or the corresponding libcurl options), and the wolfSSL build must define OPENSSL_COMPATIBLE_DEFAULTS. No user interaction beyond that configuration and no race condition is required. Once the flawed error path is taken, whatever certificate the attacker presents is accepted [4].

Impact

Successful exploitation lets an attacker present a forged, self-signed, or otherwise invalid certificate that would normally be rejected. Certificate verification is bypassed entirely for that QUIC session, so the attacker can impersonate the server and read or modify the application data exchanged with the client. The confidentiality and integrity of that connection are compromised. The attacker gains no code execution and no elevated privileges on the client or server, but fully subverts the security of the affected connection [4].

Mitigation

The vulnerability is fixed in curl 8.7.0, released March 27, 2024 [4]; users of curl 8.6.0 should update to at least that version. The output of `curl --version` shows which TLS backend libcurl was built with and whether HTTP3 appears in the Features line, which is the quickest way to see whether a given build uses wolfSSL for QUIC at all. If wolfSSL was built without the OPENSSL_COMPATIBLE_DEFAULTS symbol (its default, and what the recommended --enable-curl build produces), the vulnerable code path is not reachable and no action is required. For affected builds the only real remedies are updating curl or rebuilding wolfSSL without that symbol; since the flaw is triggered only when an unsupported cipher or curve is requested, auditing any custom cipher or curve settings passed to libcurl is a reasonable interim check but not a substitute for the fix. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
