First published: Wed Mar 20 2024
Accounts. The issue was addressed with improved checks.
Credit: 2499f714-1537-4658-8207-48ae4bb9eae9 CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 Michael DePlante @izobashi Trend Micro Zero Day Initiative D4m0n Amir Bazine CrowdStrike Counter Adversary Operations Karsten König CrowdStrike Counter Adversary Operations an anonymous researcher Mickey Jin @patch1t CVE-2023-6277 CVE-2023-52356 Yisumi sqrtpwn Minghao Lin Zhejiang University Jiaxun Zhu Zhejiang University Patrick Wardle DoubleYou Adam M. CVE-2024-6387 Zhongquan Li @Guluisacat Dawn Security Lab of JingDong Csaba Fitzl @theevilbit Kandji Claudio Bozzato Cisco Talos Francesco Benvenuto Cisco Talos CVE-2024-23296 Yadhu Krishna M Cyber Security At Suma Soft Pvt Narendra Bhati Cyber Security At Suma Soft Pvt Manager Cyber Security At Suma Soft Pvt Pune (India) Kirin @Pwnrin Joshua Jones Marcio Almeida Tanto Security Jiahui Hu (梅零落) NorthSea Meng Zhang (鲸落) NorthSea Matthew Loewen Minghao Lin Baidu Security Baidu Security Ye Zhang @VAR10CK Baidu Security w0wbox Junsung Lee Trend Micro Zero Day Initiative Gandalf4a Bistrit Dahal Srijan Poudel Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal India IES Red Team ByteDance Linwz DEVCORE Yeto CertiK SkyFall Team Yann Gascuel Alter Solutions CrowdStrike Counter Adversary Operations Wang Yu Cyberserval CVE-2024-40805 Rodolphe BRUNETTI @eisw0lf Pedro Tôrres @t0rr3sp3dr0 Mickey Jin @patch1t Kandji Kandji Mateen Alinaghi Csaba Fitzl @theevilbit Offensive Security Wojciech Regula SecuRing Dawn Security Lab of JingDong Jiwon Park Arsenii Kostromin (0x3c3e) ajajfxhj Huang Xilin Ant Group Light Maksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day Initiative CVE-2024-4558 Matthew Butler Gary Kwong Andreas Jaegersberger Ro Achterberg
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/curl | <8.7.0 | 8.7.0 |
Apple macOS | <14.6 | 14.6 |
macOS | <12.7.6 | 12.7.6 |
macOS Ventura | <13.6.8 | 13.6.8 |
CVE-2024-2466 is classified as a high severity vulnerability due to its impact on the security of TLS connections.
CVE-2024-2466 affects libcurl users by allowing potential man-in-the-middle attacks due to improper server certificate validation.
To fix CVE-2024-2466, upgrade libcurl to version 8.7.0 or above if you are using Red Hat, or update macOS Monterey to 12.7.6 or later.
CVE-2024-2466 affects macOS Monterey versions before 12.7.6, macOS Ventura before 13.6.8, and macOS Sonoma before 14.6.
Currently, there is no explicitly stated workaround for CVE-2024-2466; users are advised to update their software to mitigate the risk.