Lucene search
Ubuntu.comUB:CVE-2024-2004HistoryMar 27, 2024 - 12:00 a.m.
CVE-2024-2004
2024-03-2700:00:00
ubuntu.com
ubuntu.com
15
protocol selection error
default set
logic flaw
removing protocols
curl.se
low severity
bug
curl 7.85.0
curl 8.6.0.
When a protocol selection parameter option disables all protocols without
adding any then the default set of protocols would remain in the allowed
set due to an error in the logic for removing protocols. The below command
would perform a request to curl.se with a plaintext protocol which has been
explicitly disabled. curl --proto -all,-http http://curl.se The flaw is
only present if the set of selected protocols disables the entire set of
available protocols, in itself a command with no practical use and
therefore unlikely to be encountered in real situations. The curl security
team has thus assessed this to be low severity bug.
Notes
| Author | Note |
|---|---|
| Priority reason: Upstream developers consider this a low severity issue | |
| mdeslaur | affects curl 7.85.0 to and including 8.6.0 |
Related
hackerone
hackerone
curl: CVE-2024-2004: Usage of disabled protocol
2024-02-21 19:56:12
Internet Bug Bounty: Usage of disabled protocol in curl
2024-03-27 18:16:37
cgr
cgr
CVE-2024-2004 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2024-2004 Usage of disabled protocol
2024-03-27 07:54:27
redhatcve
redhatcve
CVE-2024-2004
2024-03-27 09:26:45
osv
osv
Usage of disabled protocol
2024-03-27 08:00:00
CVE-2024-2004
2024-03-27 08:15:41
curl vulnerabilities
2024-03-27 11:43:38
alpinelinux
alpinelinux
CVE-2024-2004
2024-03-27 08:15:41
nvd
nvd
CVE-2024-2004
2024-03-27 08:15:41
vulnrichment
vulnrichment
CVE-2024-2004 Usage of disabled protocol
2024-03-27 07:54:27
nessus
nessus
Curl 7.85.0 < 8.7.0 Input Misinterpretation (CVE-2024-2004)
2024-03-29 00:00:00
Amazon Linux 2 : curl (ALAS-2024-2526)
2024-04-30 00:00:00
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-596)
2024-04-29 00:00:00
wolfi
wolfi
CVE-2024-2004 vulnerabilities
2024-06-25 15:33:25
debiancve
debiancve
CVE-2024-2004
2024-03-27 08:15:41
cve
cve
CVE-2024-2004
2024-03-27 08:15:41
veracode
veracode
Logic Error
2024-04-05 20:04:00
openvas
openvas
openSUSE: Security Advisory for curl (SUSE-SU-2024:1151-1)
2024-04-09 00:00:00
Fedora: Security Advisory for curl (FEDORA-2024-a09456b7a9)
2024-05-27 00:00:00
Fedora: Security Advisory for curl (FEDORA-2024-6dab59bd47)
2024-05-27 00:00:00
amazon
amazon
Medium: curl
2024-04-24 22:15:00
fedora
fedora
[SECURITY] Fedora 39 Update: curl-8.2.1-5.fc39
2024-04-25 01:20:28
[SECURITY] Fedora 40 Update: curl-8.6.0-8.fc40
2024-04-19 21:41:45
ubuntu
ubuntu
curl vulnerabilities
2024-03-27 00:00:00
curl vulnerabilities
2024-04-29 00:00:00
cloudfoundry
cloudfoundry
USN-6718-1: curl vulnerabilities | Cloud Foundry
2024-05-02 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0585
2024-03-27 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0233
2024-03-27 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0743
2024-03-27 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2024-03-29 06:49:09
slackware
slackware
[slackware-security] curl
2024-03-27 19:16:33
redhat
redhat
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00