First published: Wed Mar 20 2024(Updated: )
cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Credit: 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Ventura | <13.6.8 | 13.6.8 |
Apple macOS Monterey | <12.7.6 | 12.7.6 |
Apple macOS Sonoma | <14.6 | 14.6 |
redhat/curl | <8.7.0 | 8.7.0 |
debian/curl | <=7.74.0-1.3+deb11u11<=7.88.1-10+deb12u5 | 7.74.0-1.3+deb11u13 7.88.1-10+deb12u7 8.10.1-2 |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)