SB2024032713 - Multiple vulnerabilities in cURL

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024032713

SB2024032713 - Multiple vulnerabilities in cURL

Published: March 27, 2024

Security Bulletin ID SB2024032713
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2024-2466)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to libcurl does not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. A remote attacker force the application to completely skip the certificate check and perform MitM attack.


2) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2024-2398)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.


3) Improper Certificate Validation (CVE-ID: CVE-2024-2379)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation for a QUIC connection under certain conditions, when built to use wolfSSL. A remote attacker can force the application to ignore the certificate and perform MitM attack.

Successful exploitation of the vulnerability requires that the used wolfSSL library was built with the OPENSSL_COMPATIBLE_DEFAULTS symbol set, which is not set for the recommended configure --enable-curl builds.


4) Input validation error (CVE-ID: CVE-2024-2004)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error when a protocol selection parameter option disables all protocols without adding any. As a result, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols.


Remediation

Install update from vendor's website.

References