suse-su-2024:1120-1
Vulnerability from csaf_suse
Published
2024-04-05 12:03
Modified
2024-04-05 12:03
Summary
Security update for curl
Notes
Title of the patch
Security update for curl
Description of the patch
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
Patchnames
SUSE-2024-1120,SUSE-SUSE-MicroOS-5.1-2024-1120,SUSE-SUSE-MicroOS-5.2-2024-1120
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for curl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for curl fixes the following issues:\n\n- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)\n- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1120,SUSE-SUSE-MicroOS-5.1-2024-1120,SUSE-SUSE-MicroOS-5.2-2024-1120",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1120-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1120-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241120-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1120-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034853.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221665",
"url": "https://bugzilla.suse.com/1221665"
},
{
"category": "self",
"summary": "SUSE Bug 1221667",
"url": "https://bugzilla.suse.com/1221667"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2398 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2398/"
}
],
"title": "Security update for curl",
"tracking": {
"current_release_date": "2024-04-05T12:03:51Z",
"generator": {
"date": "2024-04-05T12:03:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1120-1",
"initial_release_date": "2024-04-05T12:03:51Z",
"revision_history": [
{
"date": "2024-04-05T12:03:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-7.66.0-150200.4.69.1.aarch64",
"product": {
"name": "curl-7.66.0-150200.4.69.1.aarch64",
"product_id": "curl-7.66.0-150200.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "curl-mini-7.66.0-150200.4.69.1.aarch64",
"product": {
"name": "curl-mini-7.66.0-150200.4.69.1.aarch64",
"product_id": "curl-mini-7.66.0-150200.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.66.0-150200.4.69.1.aarch64",
"product": {
"name": "libcurl-devel-7.66.0-150200.4.69.1.aarch64",
"product_id": "libcurl-devel-7.66.0-150200.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.aarch64",
"product": {
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.aarch64",
"product_id": "libcurl-mini-devel-7.66.0-150200.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.66.0-150200.4.69.1.aarch64",
"product": {
"name": "libcurl4-7.66.0-150200.4.69.1.aarch64",
"product_id": "libcurl4-7.66.0-150200.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.66.0-150200.4.69.1.aarch64",
"product": {
"name": "libcurl4-mini-7.66.0-150200.4.69.1.aarch64",
"product_id": "libcurl4-mini-7.66.0-150200.4.69.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-64bit-7.66.0-150200.4.69.1.aarch64_ilp32",
"product": {
"name": "libcurl-devel-64bit-7.66.0-150200.4.69.1.aarch64_ilp32",
"product_id": "libcurl-devel-64bit-7.66.0-150200.4.69.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libcurl4-64bit-7.66.0-150200.4.69.1.aarch64_ilp32",
"product": {
"name": "libcurl4-64bit-7.66.0-150200.4.69.1.aarch64_ilp32",
"product_id": "libcurl4-64bit-7.66.0-150200.4.69.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.66.0-150200.4.69.1.i586",
"product": {
"name": "curl-7.66.0-150200.4.69.1.i586",
"product_id": "curl-7.66.0-150200.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "curl-mini-7.66.0-150200.4.69.1.i586",
"product": {
"name": "curl-mini-7.66.0-150200.4.69.1.i586",
"product_id": "curl-mini-7.66.0-150200.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.66.0-150200.4.69.1.i586",
"product": {
"name": "libcurl-devel-7.66.0-150200.4.69.1.i586",
"product_id": "libcurl-devel-7.66.0-150200.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.i586",
"product": {
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.i586",
"product_id": "libcurl-mini-devel-7.66.0-150200.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl4-7.66.0-150200.4.69.1.i586",
"product": {
"name": "libcurl4-7.66.0-150200.4.69.1.i586",
"product_id": "libcurl4-7.66.0-150200.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.66.0-150200.4.69.1.i586",
"product": {
"name": "libcurl4-mini-7.66.0-150200.4.69.1.i586",
"product_id": "libcurl4-mini-7.66.0-150200.4.69.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.66.0-150200.4.69.1.ppc64le",
"product": {
"name": "curl-7.66.0-150200.4.69.1.ppc64le",
"product_id": "curl-7.66.0-150200.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "curl-mini-7.66.0-150200.4.69.1.ppc64le",
"product": {
"name": "curl-mini-7.66.0-150200.4.69.1.ppc64le",
"product_id": "curl-mini-7.66.0-150200.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.66.0-150200.4.69.1.ppc64le",
"product": {
"name": "libcurl-devel-7.66.0-150200.4.69.1.ppc64le",
"product_id": "libcurl-devel-7.66.0-150200.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.ppc64le",
"product": {
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.ppc64le",
"product_id": "libcurl-mini-devel-7.66.0-150200.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-7.66.0-150200.4.69.1.ppc64le",
"product": {
"name": "libcurl4-7.66.0-150200.4.69.1.ppc64le",
"product_id": "libcurl4-7.66.0-150200.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.66.0-150200.4.69.1.ppc64le",
"product": {
"name": "libcurl4-mini-7.66.0-150200.4.69.1.ppc64le",
"product_id": "libcurl4-mini-7.66.0-150200.4.69.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.66.0-150200.4.69.1.s390x",
"product": {
"name": "curl-7.66.0-150200.4.69.1.s390x",
"product_id": "curl-7.66.0-150200.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "curl-mini-7.66.0-150200.4.69.1.s390x",
"product": {
"name": "curl-mini-7.66.0-150200.4.69.1.s390x",
"product_id": "curl-mini-7.66.0-150200.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.66.0-150200.4.69.1.s390x",
"product": {
"name": "libcurl-devel-7.66.0-150200.4.69.1.s390x",
"product_id": "libcurl-devel-7.66.0-150200.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.s390x",
"product": {
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.s390x",
"product_id": "libcurl-mini-devel-7.66.0-150200.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-7.66.0-150200.4.69.1.s390x",
"product": {
"name": "libcurl4-7.66.0-150200.4.69.1.s390x",
"product_id": "libcurl4-7.66.0-150200.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.66.0-150200.4.69.1.s390x",
"product": {
"name": "libcurl4-mini-7.66.0-150200.4.69.1.s390x",
"product_id": "libcurl4-mini-7.66.0-150200.4.69.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "curl-7.66.0-150200.4.69.1.x86_64",
"product_id": "curl-7.66.0-150200.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "curl-mini-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "curl-mini-7.66.0-150200.4.69.1.x86_64",
"product_id": "curl-mini-7.66.0-150200.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "libcurl-devel-7.66.0-150200.4.69.1.x86_64",
"product_id": "libcurl-devel-7.66.0-150200.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "libcurl-devel-32bit-7.66.0-150200.4.69.1.x86_64",
"product_id": "libcurl-devel-32bit-7.66.0-150200.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "libcurl-mini-devel-7.66.0-150200.4.69.1.x86_64",
"product_id": "libcurl-mini-devel-7.66.0-150200.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "libcurl4-7.66.0-150200.4.69.1.x86_64",
"product_id": "libcurl4-7.66.0-150200.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "libcurl4-32bit-7.66.0-150200.4.69.1.x86_64",
"product_id": "libcurl4-32bit-7.66.0-150200.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.66.0-150200.4.69.1.x86_64",
"product": {
"name": "libcurl4-mini-7.66.0-150200.4.69.1.x86_64",
"product_id": "libcurl4-mini-7.66.0-150200.4.69.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.66.0-150200.4.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.aarch64"
},
"product_reference": "curl-7.66.0-150200.4.69.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.66.0-150200.4.69.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.s390x"
},
"product_reference": "curl-7.66.0-150200.4.69.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.66.0-150200.4.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.x86_64"
},
"product_reference": "curl-7.66.0-150200.4.69.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.66.0-150200.4.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.aarch64"
},
"product_reference": "libcurl4-7.66.0-150200.4.69.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.66.0-150200.4.69.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.s390x"
},
"product_reference": "libcurl4-7.66.0-150200.4.69.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.66.0-150200.4.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.x86_64"
},
"product_reference": "libcurl4-7.66.0-150200.4.69.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.66.0-150200.4.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.aarch64"
},
"product_reference": "curl-7.66.0-150200.4.69.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.66.0-150200.4.69.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.s390x"
},
"product_reference": "curl-7.66.0-150200.4.69.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.66.0-150200.4.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.x86_64"
},
"product_reference": "curl-7.66.0-150200.4.69.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.66.0-150200.4.69.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.aarch64"
},
"product_reference": "libcurl4-7.66.0-150200.4.69.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.66.0-150200.4.69.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.s390x"
},
"product_reference": "libcurl4-7.66.0-150200.4.69.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.66.0-150200.4.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.x86_64"
},
"product_reference": "libcurl4-7.66.0-150200.4.69.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2004"
}
],
"notes": [
{
"category": "general",
"text": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2004",
"url": "https://www.suse.com/security/cve/CVE-2024-2004"
},
{
"category": "external",
"summary": "SUSE Bug 1221665 for CVE-2024-2004",
"url": "https://bugzilla.suse.com/1221665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-05T12:03:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-2398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2398"
}
],
"notes": [
{
"category": "general",
"text": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2398",
"url": "https://www.suse.com/security/cve/CVE-2024-2398"
},
{
"category": "external",
"summary": "SUSE Bug 1221667 for CVE-2024-2398",
"url": "https://bugzilla.suse.com/1221667"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libcurl4-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:curl-7.66.0-150200.4.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libcurl4-7.66.0-150200.4.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-05T12:03:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-2398"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…