CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
17.6%
When an application tells libcurl it wants to allow HTTP/2 server push, and
the amount of received headers for the push surpasses the maximum allowed
limit (1000), libcurl aborts the server push. When aborting, libcurl
inadvertently does not free all the previously allocated headers and
instead leaks the memory. Further, this error condition fails silently and
is therefore not easily detected by an application.
Author | Note |
---|---|
mdeslaur | affects curl 7.44.0 to and including 8.6.0 introduced in https://github.com/curl/curl/commit/ea7134ac874a66107e54ff9 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | curl | < 7.58.0-2ubuntu3.24+esm4 | UNKNOWN |
ubuntu | 20.04 | noarch | curl | < 7.68.0-1ubuntu2.22 | UNKNOWN |
ubuntu | 22.04 | noarch | curl | < 7.81.0-1ubuntu1.16 | UNKNOWN |
ubuntu | 23.10 | noarch | curl | < 8.2.1-1ubuntu3.3 | UNKNOWN |
ubuntu | 24.04 | noarch | curl | < 8.5.0-2ubuntu10.1 | UNKNOWN |
ubuntu | 16.04 | noarch | curl | < 7.47.0-1ubuntu2.19+esm12 | UNKNOWN |
curl.se/docs/CVE-2024-2398.html
launchpad.net/bugs/cve/CVE-2024-2398
nvd.nist.gov/vuln/detail/CVE-2024-2398
security-tracker.debian.org/tracker/CVE-2024-2398
ubuntu.com/security/notices/USN-6718-1
ubuntu.com/security/notices/USN-6718-2
ubuntu.com/security/notices/USN-6718-3
www.cve.org/CVERecord?id=CVE-2024-2398