MiracleLinux 9 : curl-7.76.1-29.el9_4.1 (AXSA:2024-8698:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8698:05 advisory. curl: HTTP/2 push headers memory-leak CVE-2024-2398 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

SUSE-SU-2025:20029-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 - CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 - CVE-2024-2466: TLS certificate...

curl security update

7.76.1-29.el94.1 - provide common cleanup method for push headers CVE-2024-2398...

HTTP/2 push headers memory-leak

...

SUSE-SU-2024:1151-2 Security update for curl

This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. bsc1221665 - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. bsc1221667...

CLSA-2024-1713333661 Fix CVE(s): CVE-2024-2398

SECURITY UPDATE: - debian/patches/CVE-2024-2398.patch: http2: push headers better cleanup provide common cleanup method for push headers - CVE-2024-2398...

CLSA-2024-1712836996 Fix CVE(s): CVE-2024-2398

SECURITY UPDATE: http2: push headers better cleanup - debian/patches/CVE-2024-2398.patch: provide common cleanup method for push headers - CVE-2024-2398...

CLSA-2024-1712672178 curl: Fix of CVE-2024-2398

CVE-2024-2398: http2: push headers better cleanup...

Mageia: Security Advisory (MGASA-2024-0099)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Curl 7.44.0 < 8.7.0 HTTP/2 Push Headers Memory-leak (CVE-2024-2398)

The version of Curl installed on the remote host is between 7.44.0 and prior to 8.7.0. It is, therefore, affected by a memory-leak vulnerability. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed...

Curl 安全漏洞

Curl is a tool for transferring data from or to a server. A security vulnerability exists in Curl versions 7.44.0 through 8.6.0 that stems from allowing HTTP/2 pushes. libcurl aborts server pushes when the number of received push headers exceeds the maximum allowable limit 1000, which, when...

curl: CVE-2024-2398: HTTP/2 push headers memory-leak

CVE-2024-2398 was a memory-leak vulnerability in the HTTP/2 push headers implementation of libcurl. For each incoming PUSHPROMISE header, a new string was allocated and stored in an array. When the number of headers exceeded a threshold, libcurl freed the array but forgot to free the individual...