When an application tells libcurl it wants to allow HTTP/2 server push, and the number of headers received for the push exceeds the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. Only applications that enable server push reach this code path; because nothing is reported to the application, the leak is more likely to show up as growing process memory than as an error return.
[
{
"vendor": "curl",
"product": "curl",
"versions": [
{
"version": "8.6.0",
"status": "affected",
"lessThanOrEqual": "8.6.0",
"versionType": "semver"
},
{
"version": "8.5.0",
"status": "affected",
"lessThanOrEqual": "8.5.0",
"versionType": "semver"
},
{
"version": "8.4.0",
"status": "affected",
"lessThanOrEqual": "8.4.0",
"versionType": "semver"
},
{
"version": "8.3.0",
"status": "affected",
"lessThanOrEqual": "8.3.0",
"versionType": "semver"
},
{
"version": "8.2.1",
"status": "affected",
"lessThanOrEqual": "8.2.1",
"versionType": "semver"
},
{
"version": "8.2.0",
"status": "affected",
"lessThanOrEqual": "8.2.0",
"versionType": "semver"
},
{
"version": "8.1.2",
"status": "affected",
"lessThanOrEqual": "8.1.2",
"versionType": "semver"
},
{
"version": "8.1.1",
"status": "affected",
"lessThanOrEqual": "8.1.1",
"versionType": "semver"
},
{
"version": "8.1.0",
"status": "affected",
"lessThanOrEqual": "8.1.0",
"versionType": "semver"
},
{
"version": "8.0.1",
"status": "affected",
"lessThanOrEqual": "8.0.1",
"versionType": "semver"
},
{
"version": "8.0.0",
"status": "affected",
"lessThanOrEqual": "8.0.0",
"versionType": "semver"
},
{
"version": "7.88.1",
"status": "affected",
"lessThanOrEqual": "7.88.1",
"versionType": "semver"
},
{
"version": "7.88.0",
"status": "affected",
"lessThanOrEqual": "7.88.0",
"versionType": "semver"
},
{
"version": "7.87.0",
"status": "affected",
"lessThanOrEqual": "7.87.0",
"versionType": "semver"
},
{
"version": "7.86.0",
"status": "affected",
"lessThanOrEqual": "7.86.0",
"versionType": "semver"
},
{
"version": "7.85.0",
"status": "affected",
"lessThanOrEqual": "7.85.0",
"versionType": "semver"
},
{
"version": "7.84.0",
"status": "affected",
"lessThanOrEqual": "7.84.0",
"versionType": "semver"
},
{
"version": "7.83.1",
"status": "affected",
"lessThanOrEqual": "7.83.1",
"versionType": "semver"
},
{
"version": "7.83.0",
"status": "affected",
"lessThanOrEqual": "7.83.0",
"versionType": "semver"
},
{
"version": "7.82.0",
"status": "affected",
"lessThanOrEqual": "7.82.0",
"versionType": "semver"
},
{
"version": "7.81.0",
"status": "affected",
"lessThanOrEqual": "7.81.0",
"versionType": "semver"
},
{
"version": "7.80.0",
"status": "affected",
"lessThanOrEqual": "7.80.0",
"versionType": "semver"
},
{
"version": "7.79.1",
"status": "affected",
"lessThanOrEqual": "7.79.1",
"versionType": "semver"
},
{
"version": "7.79.0",
"status": "affected",
"lessThanOrEqual": "7.79.0",
"versionType": "semver"
},
{
"version": "7.78.0",
"status": "affected",
"lessThanOrEqual": "7.78.0",
"versionType": "semver"
},
{
"version": "7.77.0",
"status": "affected",
"lessThanOrEqual": "7.77.0",
"versionType": "semver"
},
{
"version": "7.76.1",
"status": "affected",
"lessThanOrEqual": "7.76.1",
"versionType": "semver"
},
{
"version": "7.76.0",
"status": "affected",
"lessThanOrEqual": "7.76.0",
"versionType": "semver"
},
{
"version": "7.75.0",
"status": "affected",
"lessThanOrEqual": "7.75.0",
"versionType": "semver"
},
{
"version": "7.74.0",
"status": "affected",
"lessThanOrEqual": "7.74.0",
"versionType": "semver"
},
{
"version": "7.73.0",
"status": "affected",
"lessThanOrEqual": "7.73.0",
"versionType": "semver"
},
{
"version": "7.72.0",
"status": "affected",
"lessThanOrEqual": "7.72.0",
"versionType": "semver"
},
{
"version": "7.71.1",
"status": "affected",
"lessThanOrEqual": "7.71.1",
"versionType": "semver"
},
{
"version": "7.71.0",
"status": "affected",
"lessThanOrEqual": "7.71.0",
"versionType": "semver"
},
{
"version": "7.70.0",
"status": "affected",
"lessThanOrEqual": "7.70.0",
"versionType": "semver"
},
{
"version": "7.69.1",
"status": "affected",
"lessThanOrEqual": "7.69.1",
"versionType": "semver"
},
{
"version": "7.69.0",
"status": "affected",
"lessThanOrEqual": "7.69.0",
"versionType": "semver"
},
{
"version": "7.68.0",
"status": "affected",
"lessThanOrEqual": "7.68.0",
"versionType": "semver"
},
{
"version": "7.67.0",
"status": "affected",
"lessThanOrEqual": "7.67.0",
"versionType": "semver"
},
{
"version": "7.66.0",
"status": "affected",
"lessThanOrEqual": "7.66.0",
"versionType": "semver"
},
{
"version": "7.65.3",
"status": "affected",
"lessThanOrEqual": "7.65.3",
"versionType": "semver"
},
{
"version": "7.65.2",
"status": "affected",
"lessThanOrEqual": "7.65.2",
"versionType": "semver"
},
{
"version": "7.65.1",
"status": "affected",
"lessThanOrEqual": "7.65.1",
"versionType": "semver"
},
{
"version": "7.65.0",
"status": "affected",
"lessThanOrEqual": "7.65.0",
"versionType": "semver"
},
{
"version": "7.64.1",
"status": "affected",
"lessThanOrEqual": "7.64.1",
"versionType": "semver"
},
{
"version": "7.64.0",
"status": "affected",
"lessThanOrEqual": "7.64.0",
"versionType": "semver"
},
{
"version": "7.63.0",
"status": "affected",
"lessThanOrEqual": "7.63.0",
"versionType": "semver"
},
{
"version": "7.62.0",
"status": "affected",
"lessThanOrEqual": "7.62.0",
"versionType": "semver"
},
{
"version": "7.61.1",
"status": "affected",
"lessThanOrEqual": "7.61.1",
"versionType": "semver"
},
{
"version": "7.61.0",
"status": "affected",
"lessThanOrEqual": "7.61.0",
"versionType": "semver"
},
{
"version": "7.60.0",
"status": "affected",
"lessThanOrEqual": "7.60.0",
"versionType": "semver"
},
{
"version": "7.59.0",
"status": "affected",
"lessThanOrEqual": "7.59.0",
"versionType": "semver"
},
{
"version": "7.58.0",
"status": "affected",
"lessThanOrEqual": "7.58.0",
"versionType": "semver"
},
{
"version": "7.57.0",
"status": "affected",
"lessThanOrEqual": "7.57.0",
"versionType": "semver"
},
{
"version": "7.56.1",
"status": "affected",
"lessThanOrEqual": "7.56.1",
"versionType": "semver"
},
{
"version": "7.56.0",
"status": "affected",
"lessThanOrEqual": "7.56.0",
"versionType": "semver"
},
{
"version": "7.55.1",
"status": "affected",
"lessThanOrEqual": "7.55.1",
"versionType": "semver"
},
{
"version": "7.55.0",
"status": "affected",
"lessThanOrEqual": "7.55.0",
"versionType": "semver"
},
{
"version": "7.54.1",
"status": "affected",
"lessThanOrEqual": "7.54.1",
"versionType": "semver"
},
{
"version": "7.54.0",
"status": "affected",
"lessThanOrEqual": "7.54.0",
"versionType": "semver"
},
{
"version": "7.53.1",
"status": "affected",
"lessThanOrEqual": "7.53.1",
"versionType": "semver"
},
{
"version": "7.53.0",
"status": "affected",
"lessThanOrEqual": "7.53.0",
"versionType": "semver"
},
{
"version": "7.52.1",
"status": "affected",
"lessThanOrEqual": "7.52.1",
"versionType": "semver"
},
{
"version": "7.52.0",
"status": "affected",
"lessThanOrEqual": "7.52.0",
"versionType": "semver"
},
{
"version": "7.51.0",
"status": "affected",
"lessThanOrEqual": "7.51.0",
"versionType": "semver"
},
{
"version": "7.50.3",
"status": "affected",
"lessThanOrEqual": "7.50.3",
"versionType": "semver"
},
{
"version": "7.50.2",
"status": "affected",
"lessThanOrEqual": "7.50.2",
"versionType": "semver"
},
{
"version": "7.50.1",
"status": "affected",
"lessThanOrEqual": "7.50.1",
"versionType": "semver"
},
{
"version": "7.50.0",
"status": "affected",
"lessThanOrEqual": "7.50.0",
"versionType": "semver"
},
{
"version": "7.49.1",
"status": "affected",
"lessThanOrEqual": "7.49.1",
"versionType": "semver"
},
{
"version": "7.49.0",
"status": "affected",
"lessThanOrEqual": "7.49.0",
"versionType": "semver"
},
{
"version": "7.48.0",
"status": "affected",
"lessThanOrEqual": "7.48.0",
"versionType": "semver"
},
{
"version": "7.47.1",
"status": "affected",
"lessThanOrEqual": "7.47.1",
"versionType": "semver"
},
{
"version": "7.47.0",
"status": "affected",
"lessThanOrEqual": "7.47.0",
"versionType": "semver"
},
{
"version": "7.46.0",
"status": "affected",
"lessThanOrEqual": "7.46.0",
"versionType": "semver"
},
{
"version": "7.45.0",
"status": "affected",
"lessThanOrEqual": "7.45.0",
"versionType": "semver"
},
{
"version": "7.44.0",
"status": "affected",
"lessThanOrEqual": "7.44.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
seclists.org/fulldisclosure/2024/Jul/18
seclists.org/fulldisclosure/2024/Jul/19
seclists.org/fulldisclosure/2024/Jul/20
www.openwall.com/lists/oss-security/2024/03/27/3
curl.se/docs/CVE-2024-2398.html
curl.se/docs/CVE-2024-2398.json
hackerone.com/reports/2402845
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/
security.netapp.com/advisory/ntap-20240503-0009/
support.apple.com/kb/HT214118
support.apple.com/kb/HT214119
support.apple.com/kb/HT214120