CVE-2024-2004: Usage of disabled protocol
First published: Wed Mar 20 2024(Updated: )
Accounts. The issue was addressed with improved checks.
Credit: 2499f714-1537-4658-8207-48ae4bb9eae9 CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 Csaba Fitzl @theevilbit KandjiMinghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu SecurityMickey Jin @patch1t Michael DePlante @izobashi Trend Micro Zero Day InitiativeD4m0n Amir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary Operationsan anonymous researcher CVE-2023-6277 CVE-2023-52356 Yisumi sqrtpwn Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityPatrick Wardle DoubleYouAdam M. CVE-2024-6387 Zhongquan Li @Guluisacat Dawn Security Lab of JingDongClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosCVE-2024-23296 Yadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Kirin @Pwnrin Joshua Jones Marcio Almeida Tanto SecurityJiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaMatthew Loewen Yann Gascuel Alter Solutionsw0wbox Junsung Lee Trend Micro Zero Day Initiative CrowdStrike Counter Adversary OperationsGandalf4a CertiK SkyFall Team CVE-2024-40805 Rodolphe BRUNETTI @eisw0lf Mickey Jin @patch1t Kandji KandjiMateen Alinaghi Csaba Fitzl @theevilbit Offensive SecurityWojciech Regula SecuRing Dawn Security Lab of JingDongJiwon Park Bistrit Dahal Srijan Poudel Arsenii Kostromin (0x3c3e) Huang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeCVE-2024-4558 Matthew Butler Gary Kwong Andreas Jaegersberger Ro Achterberg IES Red Team ByteDanceYeto Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal India
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.7.6 | 12.7.6 |
| debian/curl | <=7.88.1-10+deb12u5 | 7.74.0-1.3+deb11u13 7.74.0-1.3+deb11u11 7.88.1-10+deb12u7 8.10.1-2 |
| redhat/curl | <8.7.0 | 8.7.0 |
| Apple macOS | <14.6 | 14.6 |
| Apple macOS | <13.6.8 | 13.6.8 |
| <12.7.6 | 12.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/
- https://hackerone.com/reports/2384833
- https://curl.se/docs/CVE-2024-2004.json
- https://curl.se/docs/CVE-2024-2004.html
- http://www.openwall.com/lists/oss-security/2024/03/27/1
- https://security.netapp.com/advisory/ntap-20240524-0006/
- https://launchpad.net/bugs/cve/CVE-2024-2004
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/19
- http://seclists.org/fulldisclosure/2024/Jul/20
- https://support.apple.com/kb/HT214118
- https://support.apple.com/kb/HT214119
- https://support.apple.com/kb/HT214120
- https://support.apple.com/en-us/HT214118 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2004
- https://nvd.nist.gov/vuln/detail/CVE-2024-2004
- https://security-tracker.debian.org/tracker/CVE-2024-2004
- https://ubuntu.com/security/CVE-2024-2004
- https://github.com/curl/curl/commit/e6f8445edef8e7996d1cfb141d6df184efef972c
- https://github.com/curl/curl/commit/17d302e56221f5040092db77d4f85086e8a20e0e
- http://curl.se
- https://github.com/curl/curl/commit/17d302e56221
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2271826
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2271827
- https://access.redhat.com/errata/RHSA-2024:2694
- https://access.redhat.com/errata/RHSA-2024:2693
- https://bugzilla.redhat.com/show_bug.cgi?id=2270500
- https://support.apple.com/en-us/HT214119 (Advisory)
- https://support.apple.com/en-us/HT214120 (Advisory)
- https://support.apple.com/en-us/120910 (Advisory)
- https://support.apple.com/en-us/120911 (Advisory)
- https://support.apple.com/en-us/120912 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40783
- CVE-2024-27826
- CVE-2024-40775
- CVE-2024-40774
- CVE-2024-27877
- CVE-2024-40799
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40828
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40816
- CVE-2024-40788
- CVE-2024-40803
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40800
- CVE-2024-23296
- CVE-2024-40817
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-40833
- CVE-2024-40835
- CVE-2024-40807
- CVE-2024-40834
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-23261
- CVE-2024-40804
- CVE-2023-38709
- CVE-2024-24795
- CVE-2024-27316
- CVE-2024-40814
- CVE-2024-27878
- CVE-2024-40815
- CVE-2024-40795
- CVE-2024-40777
- CVE-2024-40784
- CVE-2024-27863
- CVE-2024-40805
- CVE-2024-40832
- CVE-2024-40778
- CVE-2023-27952
- CVE-2024-40824
- CVE-2024-27871
- CVE-2024-27872
- CVE-2024-27862
- CVE-2024-40836
- CVE-2024-40818
- CVE-2024-40822
- CVE-2024-40811
- CVE-2024-40776
- CVE-2024-40782
- CVE-2024-40779
- CVE-2024-40780
- CVE-2024-40785
- CVE-2024-40789
- CVE-2024-4558
- CVE-2024-40794
- CVE-2024-40786
- CVE-2024-40829
- CVE-2024-44205
- CVE-2024-44306
- CVE-2024-44307
- CVE-2024-44141
- CVE-2024-40810
- CVE-2024-44185
- CVE-2024-44206
Frequently Asked Questions
What is the severity of CVE-2024-2004?
CVE-2024-2004 is a critical vulnerability that affects various versions of curl and related projects.
How do I fix CVE-2024-2004?
To mitigate CVE-2024-2004, update curl to the latest version provided by your operating system's package manager.
Which versions are affected by CVE-2024-2004?
CVE-2024-2004 affects specific versions of curl up to 7.88.1-10+deb12u5 for Debian and several versions of macOS including Monterey, Ventura, and Sonoma.
Is CVE-2024-2004 related to Apple Software?
Yes, CVE-2024-2004 impacts Apple macOS versions including Monterey, Ventura, and Sonoma.
How was CVE-2024-2004 identified?
CVE-2024-2004 was assigned following identification by a third party highlighting vulnerabilities in open source curl code.
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-2004
- agent/title
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- collector/nvd-cve
- source/NVD
- collector/apple-support
- source/Apple
- alias/CVE-2024-2379
- alias/CVE-2024-2398
- alias/CVE-2024-2466
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/trending
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- agent/source
- agent/software-canonical-lookup-request
- agent/tags
- alias/CVE-2024-27826
- alias/CVE-2024-40775
- alias/CVE-2024-40774
- alias/CVE-2024-27877
- alias/CVE-2024-40799
- alias/CVE-2024-27873
- alias/CVE-2024-40827
- alias/CVE-2024-40828
- alias/CVE-2023-6277
- alias/CVE-2023-52356
- alias/CVE-2024-40806
- alias/CVE-2024-40816
- alias/CVE-2024-40788
- alias/CVE-2024-40803
- alias/CVE-2024-40796
- alias/CVE-2024-6387
- alias/CVE-2024-40781
- alias/CVE-2024-40802
- alias/CVE-2024-40823
- alias/CVE-2024-27882
- alias/CVE-2024-27883
- alias/CVE-2024-40800
- alias/CVE-2024-23296
- alias/CVE-2024-40817
- alias/CVE-2024-27881
- alias/CVE-2024-40821
- alias/CVE-2024-40798
- alias/CVE-2024-40833
- alias/CVE-2024-40835
- alias/CVE-2024-40807
- alias/CVE-2024-40834
- alias/CVE-2024-40787
- alias/CVE-2024-40793
- alias/CVE-2024-40809
- alias/CVE-2024-40812
- alias/CVE-2024-44205
- alias/CVE-2024-23261
- alias/CVE-2024-44141
- alias/CVE-2024-40815
- alias/CVE-2024-40795
- alias/CVE-2024-40777
- alias/CVE-2024-40784
- alias/CVE-2024-40810
- alias/CVE-2024-27863
- alias/CVE-2024-40805
- alias/CVE-2024-40832
- alias/CVE-2024-40778
- alias/CVE-2023-27952
- alias/CVE-2024-40824
- alias/CVE-2024-27871
- alias/CVE-2024-27872
- alias/CVE-2024-27862
- alias/CVE-2024-40836
- alias/CVE-2024-40818
- alias/CVE-2024-40822
- alias/CVE-2024-40811
- alias/CVE-2024-40776
- alias/CVE-2024-40782
- alias/CVE-2024-40779
- alias/CVE-2024-40780
- alias/CVE-2024-40785
- alias/CVE-2024-40789
- alias/CVE-2024-4558
- alias/CVE-2024-40794
- alias/CVE-2024-44185
- alias/CVE-2024-44206
- alias/CVE-2023-38709
- alias/CVE-2024-24795
- alias/CVE-2024-27316
- alias/CVE-2024-40783
- alias/CVE-2024-40814
- alias/CVE-2024-27878
- alias/CVE-2024-44306
- alias/CVE-2024-44307
- alias/CVE-2024-40786
- alias/CVE-2024-40829
- agent/event
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- agent/weakness
- vendor/apple
- canonical/apple macos monterey
- package-manager/debian
- package-manager/redhat
- canonical/apple macos