QwikSec

Security Database

CVE

CWE

Training

CVE-2024-45289

Published: Nov 12, 2024

Modified: Jan 10, 2025

PUBLISHED

Description

The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.

Vendor	Product	Versions
FreeBSD	FreeBSD	affected `14.1-RELEASE - < p6` affected `13.4-RELEASE - < p2` affected `13.3-RELEASE - < p8`

Weaknesses (CWE)

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.