- Vulnerability/
- USN-6944-2
20/8/2024
USN-6944-2: curl vulnerability
First published: Tue Aug 20 2024(Updated: )
USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/curl | <7.58.0-2ubuntu3.24+esm5 | 7.58.0-2ubuntu3.24+esm5 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libcurl3-gnutls | <7.58.0-2ubuntu3.24+esm5 | 7.58.0-2ubuntu3.24+esm5 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libcurl3-nss | <7.58.0-2ubuntu3.24+esm5 | 7.58.0-2ubuntu3.24+esm5 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libcurl4 | <7.58.0-2ubuntu3.24+esm5 | 7.58.0-2ubuntu3.24+esm5 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/curl | <7.47.0-1ubuntu2.19+esm13 | 7.47.0-1ubuntu2.19+esm13 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libcurl3 | <7.47.0-1ubuntu2.19+esm13 | 7.47.0-1ubuntu2.19+esm13 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libcurl3-gnutls | <7.47.0-1ubuntu2.19+esm13 | 7.47.0-1ubuntu2.19+esm13 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libcurl3-nss | <7.47.0-1ubuntu2.19+esm13 | 7.47.0-1ubuntu2.19+esm13 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/curl | <7.35.0-1ubuntu2.20+esm18 | 7.35.0-1ubuntu2.20+esm18 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libcurl3 | <7.35.0-1ubuntu2.20+esm18 | 7.35.0-1ubuntu2.20+esm18 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libcurl3-gnutls | <7.35.0-1ubuntu2.20+esm18 | 7.35.0-1ubuntu2.20+esm18 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libcurl3-nss | <7.35.0-1ubuntu2.20+esm18 | 7.35.0-1ubuntu2.20+esm18 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2024-7264
- https://ubuntu.com/security/notices/{'id': 'USN-6944-1', 'packages': 'libcurl4-gnutls-dev, curl, libcurl4-nss-dev, libcurl4-doc, libcurl4t64, libcurl4-openssl-dev, libcurl4, libcurl3t64-gnutls, libcurl3-nss, libcurl3-gnutls'}
- https://ubuntu.com/security/notices/USN-6944-2 (Advisory)
- agent/title
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/type
- agent/description
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04