JLSEC-2026-416 When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of...

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

EUVD-2024-27350

Malicious code in bioql PyPI...

TencentOS Server 3: curl (TSSA-2024:0408)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0408 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

EulerOS 2.0 SP8 : curl (EulerOS-SA-2024-2460)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-2114)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2022)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1953)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 24.04 LTS. : curl vulnerabilities (USN-6718-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-3 advisory. USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding...

MGASA-2024-0099 Updated curl packages fix security vulnerabilities

CVE-2024-2004: Usage of disabled protocol If all protocols are disabled at run-time with none being added, curl/libcurl would still allow communication with the default set of allowed protocols, including some that are unencrypted. CVE-2024-2398: HTTP/2 push headers memory-leak A memory leak coul...

CVE-2024-2398

CVE-2024-2398 affects curl/libcurl: when an application enables HTTP/2 server push and the received push headers exceed a limit (1000), libcurl aborts the server push and leaks previously allocated headers, causing memory leaks and a silent condition that can be hard to detect. The CVSS in the en...

Ubuntu 16.04 LTS / 18.04 LTS : curl vulnerability (USN-6718-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6718-2 advisory. USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable has extract...

Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)

The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory. - When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : curl vulnerabilities (USN-6718-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-1 advisory. Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols...

PT-2024-2655 · Libcurl +12 · Libcurl +12

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to a memory leak in libcurl when handling HTTP/2 server push. When the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts...

HTTP/2 Server Push: The What, How and Why

What is HTTP/2 Server Push? How does it work? Why is it valuable? If you are looking for the answers to these questions, you've come to the right place. What it is HTTP/2 h2 Server Push is one of the performance features included in version 2 of the HTTP protocol. It allows the Web server to "pus...