Lucene search
K

100 matches found

SUSE CVE
SUSE CVE
added 2024/03/29 3:30 a.m.3 views

SUSE CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

6.5CVSS7.6AI score0.36081EPSS
Exploits1References9
OSV
OSV
added 2024/03/27 2:59 p.m.7 views

USN-6718-2 curl vulnerability

USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote...

8.6CVSS7AI score0.36081EPSS
Exploits1References2
OSV
OSV
added 2024/03/27 11:43 a.m.6 views

USN-6718-1 curl vulnerabilities

Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. CVE-2024-2004 It was discovered that curl incorrectly handled memory when limiti...

8.6CVSS7AI score0.36081EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2024/03/27 9:27 a.m.83 views

CVE-2024-2398

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...

7.5CVSS7.1AI score0.36081EPSS
Exploits1References4
OSV
OSV
added 2024/03/27 8:15 a.m.7 views

AZL-37101 CVE-2024-2398 affecting package curl for versions less than 8.8.0-1

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References1
OSV
OSV
added 2024/03/27 8:15 a.m.3 views

ALPINE-CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References1
OSV
OSV
added 2024/03/27 8:15 a.m.6 views

AZL-37078 CVE-2024-2398 affecting package curl for versions less than 8.8.0-1

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References1
OSV
OSV
added 2024/03/27 8:15 a.m.6 views

AZL-37088 CVE-2024-2398 affecting package cmake for versions less than 3.30.3-2

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References1
curl security advisories
curl security advisories
added 2024/03/27 8:0 a.m.8 views

HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.6AI score0.36081EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2024/03/27 8:0 a.m.25 views

CURL-CVE-2024-2398 HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS8.2AI score0.36081EPSS
Exploits1
Cvelist
Cvelist
added 2024/03/27 7:55 a.m.100 views

CVE-2024-2398 HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

9.6AI score0.36081EPSS
Exploits1References13
AlpineLinux
AlpineLinux
added 2024/03/27 7:55 a.m.98 views

CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS8.5AI score0.36081EPSS
Exploits1
CVE
CVE
added 2024/03/27 7:55 a.m.448 views

CVE-2024-2398

CVE-2024-2398 affects curl/libcurl: when an application enables HTTP/2 server push and the received push headers exceed a limit (1000), libcurl aborts the server push and leaks previously allocated headers, causing memory leaks and a silent condition that can be hard to detect. The CVSS in the en...

8.6CVSS8.3AI score0.36081EPSS
Exploits1References13Affected Software1
OSV
OSV
added 2024/03/27 7:55 a.m.35 views

CVE-2024-2398 HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.7AI score0.36081EPSS
Exploits1References15
Debian CVE
Debian CVE
added 2024/03/27 7:55 a.m.41 views

CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS7.4AI score0.36081EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2024/03/27 7:0 a.m.394 views

CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.8AI score0.36081EPSS
Exploits1References5
OSV
OSV
added 2024/03/27 7:0 a.m.9 views

UBUNTU-CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/03/27 12:0 a.m.37 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : curl vulnerabilities (USN-6718-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-1 advisory. Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols...

8.6CVSS6.7AI score0.36081EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2024/03/27 12:0 a.m.40 views

Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)

The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory. - When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would...

8.6CVSS6.6AI score0.36081EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2024/03/27 12:0 a.m.29 views

Ubuntu 16.04 LTS / 18.04 LTS : curl vulnerability (USN-6718-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6718-2 advisory. USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable has extract...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References2
Rows per page
Query Builder