When an application tells libcurl it wants to allow HTTP/2 server push, and
the amount of received headers for the push surpasses the maximum allowed
limit (1000), libcurl aborts the server push. When aborting, libcurl
inadvertently does not free all the previously allocated headers and
instead leaks the memory. Further, this error condition fails silently and
is therefore not easily detected by an application.
Author | Note |
---|---|
mdeslaur | affects curl 7.44.0 to and including 8.6.0 introduced in https://github.com/curl/curl/commit/ea7134ac874a66107e54ff9 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | curl | < 7.58.0-2ubuntu3.24+esm4 | UNKNOWN |
ubuntu | 20.04 | noarch | curl | < 7.68.0-1ubuntu2.22 | UNKNOWN |
ubuntu | 22.04 | noarch | curl | < 7.81.0-1ubuntu1.16 | UNKNOWN |
ubuntu | 23.10 | noarch | curl | < 8.2.1-1ubuntu3.3 | UNKNOWN |
ubuntu | 24.04 | noarch | curl | < 8.5.0-2ubuntu10.1 | UNKNOWN |
ubuntu | 16.04 | noarch | curl | < 7.47.0-1ubuntu2.19+esm12 | UNKNOWN |
curl.se/docs/CVE-2024-2398.html
launchpad.net/bugs/cve/CVE-2024-2398
nvd.nist.gov/vuln/detail/CVE-2024-2398
security-tracker.debian.org/tracker/CVE-2024-2398
ubuntu.com/security/notices/USN-6718-1
ubuntu.com/security/notices/USN-6718-2
ubuntu.com/security/notices/USN-6718-3
www.cve.org/CVERecord?id=CVE-2024-2398