vulnerability

Debian: CVE-2024-55581: libaws -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:N)	Feb 26, 2025	Mar 11, 2025	Mar 30, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:N)

Published

Feb 26, 2025

Added

Mar 11, 2025

Modified

Mar 30, 2026

Description

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).

Solution

debian-upgrade-libaws

References

CVE-2024-55581
https://attackerkb.com/topics/CVE-2024-55581
CWE-295
DEBIAN-DLA-4080-1
EUVD-EUVD-2025-5281
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-5281

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today