When an application tells libcurl it wants to allow HTTP/2 server push, and the number of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
History
Tue, 01 Oct 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:service_interconnect:1::el9 |
Thu, 26 Sep 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat service Interconnect | |
CPEs | cpe:/a:redhat:service_interconnect:1.4::el9 | |
Vendors & Products | Redhat service Interconnect |
Wed, 21 Aug 2024 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:enterprise_linux:8 |
Mon, 19 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat enterprise Linux | |
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 | |
Vendors & Products | Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: curl
Published: 2024-03-27T07:55:48.524Z
Updated: 2024-08-01T19:11:53.566Z
Reserved: 2024-03-12T10:59:22.660Z
Link: CVE-2024-2398
Vulnrichment
Updated: 2024-08-01T19:11:53.566Z
NVD
Status: Awaiting Analysis
Published: 2024-03-27T08:15:41.283
Modified: 2024-11-21T09:09:39.960
Link: CVE-2024-2398
Redhat