Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-2004HistoryMar 27, 2024 - 8:15 a.m.
CVE-2024-2004
2024-03-2708:15:41
Debian Security Bug Tracker
security-tracker.debian.org
18
flaw
protocol selection
default protocols
vulnerable
curl
plaintext protocol
low severity
bug
unix
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | <= 7.88.1-10+deb12u5 | curl_7.88.1-10+deb12u5_all.deb |
| Debian | 11 | all | curl | < 7.74.0-1.3+deb11u11 | curl_7.74.0-1.3+deb11u11_all.deb |
| Debian | 10 | all | curl | < 7.64.0-4+deb10u2 | curl_7.64.0-4+deb10u2_all.deb |
| Debian | 999 | all | curl | < 8.7.1-1 | curl_8.7.1-1_all.deb |
| Debian | 13 | all | curl | < 8.7.1-1 | curl_8.7.1-1_all.deb |
Related
hackerone
hackerone
curl: CVE-2024-2004: Usage of disabled protocol
2024-02-21 19:56:12
Internet Bug Bounty: Usage of disabled protocol in curl
2024-03-27 18:16:37
cgr
cgr
CVE-2024-2004 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2024-2004 Usage of disabled protocol
2024-03-27 07:54:27
redhatcve
redhatcve
CVE-2024-2004
2024-03-27 09:26:45
osv
osv
Usage of disabled protocol
2024-03-27 08:00:00
CVE-2024-2004
2024-03-27 08:15:41
curl vulnerabilities
2024-03-27 11:43:38
alpinelinux
alpinelinux
CVE-2024-2004
2024-03-27 08:15:41
nvd
nvd
CVE-2024-2004
2024-03-27 08:15:41
vulnrichment
vulnrichment
CVE-2024-2004 Usage of disabled protocol
2024-03-27 07:54:27
nessus
nessus
Curl 7.85.0 < 8.7.0 Input Misinterpretation (CVE-2024-2004)
2024-03-29 00:00:00
Amazon Linux 2 : curl (ALAS-2024-2526)
2024-04-30 00:00:00
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-596)
2024-04-29 00:00:00
wolfi
wolfi
CVE-2024-2004 vulnerabilities
2024-06-25 15:33:25
ubuntucve
ubuntucve
CVE-2024-2004
2024-03-27 00:00:00
cve
cve
CVE-2024-2004
2024-03-27 08:15:41
veracode
veracode
Logic Error
2024-04-05 20:04:00
openvas
openvas
openSUSE: Security Advisory for curl (SUSE-SU-2024:1151-1)
2024-04-09 00:00:00
Fedora: Security Advisory for curl (FEDORA-2024-a09456b7a9)
2024-05-27 00:00:00
Fedora: Security Advisory for curl (FEDORA-2024-6dab59bd47)
2024-05-27 00:00:00
amazon
amazon
Medium: curl
2024-04-24 22:15:00
fedora
fedora
[SECURITY] Fedora 39 Update: curl-8.2.1-5.fc39
2024-04-25 01:20:28
[SECURITY] Fedora 40 Update: curl-8.6.0-8.fc40
2024-04-19 21:41:45
ubuntu
ubuntu
curl vulnerabilities
2024-03-27 00:00:00
curl vulnerabilities
2024-04-29 00:00:00
cloudfoundry
cloudfoundry
USN-6718-1: curl vulnerabilities | Cloud Foundry
2024-05-02 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0585
2024-03-27 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0233
2024-03-27 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0743
2024-03-27 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2024-03-29 06:49:09
slackware
slackware
[slackware-security] curl
2024-03-27 19:16:33
redhat
redhat
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00