2242 matches found
CLSA-2024-1713333661 Fix CVE(s): CVE-2024-2398
SECURITY UPDATE: - debian/patches/CVE-2024-2398.patch: http2: push headers better cleanup provide common cleanup method for push headers - CVE-2024-2398...
OESA-2024-1412 curl security update
cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols. Security Fixes: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...
CLSA-2024-1712837675 curl: Fix of CVE-2024-2398
CVE-2024-2398: Fix memory leak when aborting server push due to exceeding header limit...
CLSA-2024-1712837577 curl: Fix of CVE-2024-2398
CVE-2024-2398: Fix memory leak when aborting server push due to exceeding header limit...
CLSA-2024-1712836996 Fix CVE(s): CVE-2024-2398
SECURITY UPDATE: http2: push headers better cleanup - debian/patches/CVE-2024-2398.patch: provide common cleanup method for push headers - CVE-2024-2398...
CLSA-2024-1712672178 curl: Fix of CVE-2024-2398
CVE-2024-2398: http2: push headers better cleanup...
CVE-2024-26574
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe...
PT-2024-21426 · Wondershare · Wondershare Filmora
Name of the Vulnerable Software and Affected Versions: Wondershare Filmora version 13.0.51 Description: The issue allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe. This can be exploited by a local attacker. Recommendations: For Wondershare...
Memory Leakage
libcurl is vulnerable to a memory leak. The vulnerability is due to improper handling of HTTP/2 server push requests when an application allows server push and the number of received headers exceeds the maximum limit...
Mageia: Security Advisory (MGASA-2024-0099)
The remote host is missing an update for the...
MFA bombing taken to the next level
Simply put, MFA bombing (also known as “push bombing” or “MFA fatigue”) is a brute force attack on your patience. Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication (MFA). MFA normally requires a user to enter a six-digit code sent by SMS, or...
MGASA-2024-0099 Updated curl packages fix security vulnerabilities
CVE-2024-2004: Usage of disabled protocol. If all protocols are disabled at run-time with none being added, curl/libcurl would still allow communication with the default set of allowed protocols, including some that are unencrypted. CVE-2024-2398: HTTP/2 push headers memory-leak. A memory leak coul...
SUSE CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
Curl 7.44.0 < 8.7.0 HTTP/2 Push Headers Memory-leak (CVE-2024-2398)
The version of Curl installed on the remote host is between 7.44.0 and prior to 8.7.0. It is, therefore, affected by a memory-leak vulnerability. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed...
USN-6718-2 curl vulnerability
USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote...
USN-6718-1 curl vulnerabilities
Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. (CVE-2024-2004) It was discovered that curl incorrectly handled memory when limiti...
CVE-2024-2398
A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...
AZL-37088 CVE-2024-2398 affecting package cmake for versions less than 3.30.3-2
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
AZL-37101 CVE-2024-2398 affecting package curl for versions less than 8.8.0-1
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
AZL-37078 CVE-2024-2398 affecting package curl for versions less than 8.8.0-1
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...