Lucene search

K
cvelistCurlCVELIST:CVE-2024-2398
HistoryMar 27, 2024 - 7:55 a.m.

CVE-2024-2398 HTTP/2 push headers memory-leak

2024-03-2707:55:48
curl
www.cve.org
14
cve-2024-2398
application
http/2
server push
memory-leak
error condition
libcurl

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

17.6%

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

CNA Affected

[
  {
    "vendor": "curl",
    "product": "curl",
    "versions": [
      {
        "version": "8.6.0",
        "status": "affected",
        "lessThanOrEqual": "8.6.0",
        "versionType": "semver"
      },
      {
        "version": "8.5.0",
        "status": "affected",
        "lessThanOrEqual": "8.5.0",
        "versionType": "semver"
      },
      {
        "version": "8.4.0",
        "status": "affected",
        "lessThanOrEqual": "8.4.0",
        "versionType": "semver"
      },
      {
        "version": "8.3.0",
        "status": "affected",
        "lessThanOrEqual": "8.3.0",
        "versionType": "semver"
      },
      {
        "version": "8.2.1",
        "status": "affected",
        "lessThanOrEqual": "8.2.1",
        "versionType": "semver"
      },
      {
        "version": "8.2.0",
        "status": "affected",
        "lessThanOrEqual": "8.2.0",
        "versionType": "semver"
      },
      {
        "version": "8.1.2",
        "status": "affected",
        "lessThanOrEqual": "8.1.2",
        "versionType": "semver"
      },
      {
        "version": "8.1.1",
        "status": "affected",
        "lessThanOrEqual": "8.1.1",
        "versionType": "semver"
      },
      {
        "version": "8.1.0",
        "status": "affected",
        "lessThanOrEqual": "8.1.0",
        "versionType": "semver"
      },
      {
        "version": "8.0.1",
        "status": "affected",
        "lessThanOrEqual": "8.0.1",
        "versionType": "semver"
      },
      {
        "version": "8.0.0",
        "status": "affected",
        "lessThanOrEqual": "8.0.0",
        "versionType": "semver"
      },
      {
        "version": "7.88.1",
        "status": "affected",
        "lessThanOrEqual": "7.88.1",
        "versionType": "semver"
      },
      {
        "version": "7.88.0",
        "status": "affected",
        "lessThanOrEqual": "7.88.0",
        "versionType": "semver"
      },
      {
        "version": "7.87.0",
        "status": "affected",
        "lessThanOrEqual": "7.87.0",
        "versionType": "semver"
      },
      {
        "version": "7.86.0",
        "status": "affected",
        "lessThanOrEqual": "7.86.0",
        "versionType": "semver"
      },
      {
        "version": "7.85.0",
        "status": "affected",
        "lessThanOrEqual": "7.85.0",
        "versionType": "semver"
      },
      {
        "version": "7.84.0",
        "status": "affected",
        "lessThanOrEqual": "7.84.0",
        "versionType": "semver"
      },
      {
        "version": "7.83.1",
        "status": "affected",
        "lessThanOrEqual": "7.83.1",
        "versionType": "semver"
      },
      {
        "version": "7.83.0",
        "status": "affected",
        "lessThanOrEqual": "7.83.0",
        "versionType": "semver"
      },
      {
        "version": "7.82.0",
        "status": "affected",
        "lessThanOrEqual": "7.82.0",
        "versionType": "semver"
      },
      {
        "version": "7.81.0",
        "status": "affected",
        "lessThanOrEqual": "7.81.0",
        "versionType": "semver"
      },
      {
        "version": "7.80.0",
        "status": "affected",
        "lessThanOrEqual": "7.80.0",
        "versionType": "semver"
      },
      {
        "version": "7.79.1",
        "status": "affected",
        "lessThanOrEqual": "7.79.1",
        "versionType": "semver"
      },
      {
        "version": "7.79.0",
        "status": "affected",
        "lessThanOrEqual": "7.79.0",
        "versionType": "semver"
      },
      {
        "version": "7.78.0",
        "status": "affected",
        "lessThanOrEqual": "7.78.0",
        "versionType": "semver"
      },
      {
        "version": "7.77.0",
        "status": "affected",
        "lessThanOrEqual": "7.77.0",
        "versionType": "semver"
      },
      {
        "version": "7.76.1",
        "status": "affected",
        "lessThanOrEqual": "7.76.1",
        "versionType": "semver"
      },
      {
        "version": "7.76.0",
        "status": "affected",
        "lessThanOrEqual": "7.76.0",
        "versionType": "semver"
      },
      {
        "version": "7.75.0",
        "status": "affected",
        "lessThanOrEqual": "7.75.0",
        "versionType": "semver"
      },
      {
        "version": "7.74.0",
        "status": "affected",
        "lessThanOrEqual": "7.74.0",
        "versionType": "semver"
      },
      {
        "version": "7.73.0",
        "status": "affected",
        "lessThanOrEqual": "7.73.0",
        "versionType": "semver"
      },
      {
        "version": "7.72.0",
        "status": "affected",
        "lessThanOrEqual": "7.72.0",
        "versionType": "semver"
      },
      {
        "version": "7.71.1",
        "status": "affected",
        "lessThanOrEqual": "7.71.1",
        "versionType": "semver"
      },
      {
        "version": "7.71.0",
        "status": "affected",
        "lessThanOrEqual": "7.71.0",
        "versionType": "semver"
      },
      {
        "version": "7.70.0",
        "status": "affected",
        "lessThanOrEqual": "7.70.0",
        "versionType": "semver"
      },
      {
        "version": "7.69.1",
        "status": "affected",
        "lessThanOrEqual": "7.69.1",
        "versionType": "semver"
      },
      {
        "version": "7.69.0",
        "status": "affected",
        "lessThanOrEqual": "7.69.0",
        "versionType": "semver"
      },
      {
        "version": "7.68.0",
        "status": "affected",
        "lessThanOrEqual": "7.68.0",
        "versionType": "semver"
      },
      {
        "version": "7.67.0",
        "status": "affected",
        "lessThanOrEqual": "7.67.0",
        "versionType": "semver"
      },
      {
        "version": "7.66.0",
        "status": "affected",
        "lessThanOrEqual": "7.66.0",
        "versionType": "semver"
      },
      {
        "version": "7.65.3",
        "status": "affected",
        "lessThanOrEqual": "7.65.3",
        "versionType": "semver"
      },
      {
        "version": "7.65.2",
        "status": "affected",
        "lessThanOrEqual": "7.65.2",
        "versionType": "semver"
      },
      {
        "version": "7.65.1",
        "status": "affected",
        "lessThanOrEqual": "7.65.1",
        "versionType": "semver"
      },
      {
        "version": "7.65.0",
        "status": "affected",
        "lessThanOrEqual": "7.65.0",
        "versionType": "semver"
      },
      {
        "version": "7.64.1",
        "status": "affected",
        "lessThanOrEqual": "7.64.1",
        "versionType": "semver"
      },
      {
        "version": "7.64.0",
        "status": "affected",
        "lessThanOrEqual": "7.64.0",
        "versionType": "semver"
      },
      {
        "version": "7.63.0",
        "status": "affected",
        "lessThanOrEqual": "7.63.0",
        "versionType": "semver"
      },
      {
        "version": "7.62.0",
        "status": "affected",
        "lessThanOrEqual": "7.62.0",
        "versionType": "semver"
      },
      {
        "version": "7.61.1",
        "status": "affected",
        "lessThanOrEqual": "7.61.1",
        "versionType": "semver"
      },
      {
        "version": "7.61.0",
        "status": "affected",
        "lessThanOrEqual": "7.61.0",
        "versionType": "semver"
      },
      {
        "version": "7.60.0",
        "status": "affected",
        "lessThanOrEqual": "7.60.0",
        "versionType": "semver"
      },
      {
        "version": "7.59.0",
        "status": "affected",
        "lessThanOrEqual": "7.59.0",
        "versionType": "semver"
      },
      {
        "version": "7.58.0",
        "status": "affected",
        "lessThanOrEqual": "7.58.0",
        "versionType": "semver"
      },
      {
        "version": "7.57.0",
        "status": "affected",
        "lessThanOrEqual": "7.57.0",
        "versionType": "semver"
      },
      {
        "version": "7.56.1",
        "status": "affected",
        "lessThanOrEqual": "7.56.1",
        "versionType": "semver"
      },
      {
        "version": "7.56.0",
        "status": "affected",
        "lessThanOrEqual": "7.56.0",
        "versionType": "semver"
      },
      {
        "version": "7.55.1",
        "status": "affected",
        "lessThanOrEqual": "7.55.1",
        "versionType": "semver"
      },
      {
        "version": "7.55.0",
        "status": "affected",
        "lessThanOrEqual": "7.55.0",
        "versionType": "semver"
      },
      {
        "version": "7.54.1",
        "status": "affected",
        "lessThanOrEqual": "7.54.1",
        "versionType": "semver"
      },
      {
        "version": "7.54.0",
        "status": "affected",
        "lessThanOrEqual": "7.54.0",
        "versionType": "semver"
      },
      {
        "version": "7.53.1",
        "status": "affected",
        "lessThanOrEqual": "7.53.1",
        "versionType": "semver"
      },
      {
        "version": "7.53.0",
        "status": "affected",
        "lessThanOrEqual": "7.53.0",
        "versionType": "semver"
      },
      {
        "version": "7.52.1",
        "status": "affected",
        "lessThanOrEqual": "7.52.1",
        "versionType": "semver"
      },
      {
        "version": "7.52.0",
        "status": "affected",
        "lessThanOrEqual": "7.52.0",
        "versionType": "semver"
      },
      {
        "version": "7.51.0",
        "status": "affected",
        "lessThanOrEqual": "7.51.0",
        "versionType": "semver"
      },
      {
        "version": "7.50.3",
        "status": "affected",
        "lessThanOrEqual": "7.50.3",
        "versionType": "semver"
      },
      {
        "version": "7.50.2",
        "status": "affected",
        "lessThanOrEqual": "7.50.2",
        "versionType": "semver"
      },
      {
        "version": "7.50.1",
        "status": "affected",
        "lessThanOrEqual": "7.50.1",
        "versionType": "semver"
      },
      {
        "version": "7.50.0",
        "status": "affected",
        "lessThanOrEqual": "7.50.0",
        "versionType": "semver"
      },
      {
        "version": "7.49.1",
        "status": "affected",
        "lessThanOrEqual": "7.49.1",
        "versionType": "semver"
      },
      {
        "version": "7.49.0",
        "status": "affected",
        "lessThanOrEqual": "7.49.0",
        "versionType": "semver"
      },
      {
        "version": "7.48.0",
        "status": "affected",
        "lessThanOrEqual": "7.48.0",
        "versionType": "semver"
      },
      {
        "version": "7.47.1",
        "status": "affected",
        "lessThanOrEqual": "7.47.1",
        "versionType": "semver"
      },
      {
        "version": "7.47.0",
        "status": "affected",
        "lessThanOrEqual": "7.47.0",
        "versionType": "semver"
      },
      {
        "version": "7.46.0",
        "status": "affected",
        "lessThanOrEqual": "7.46.0",
        "versionType": "semver"
      },
      {
        "version": "7.45.0",
        "status": "affected",
        "lessThanOrEqual": "7.45.0",
        "versionType": "semver"
      },
      {
        "version": "7.44.0",
        "status": "affected",
        "lessThanOrEqual": "7.44.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]