UBUNTU-CVE-2024-2398
- Source
- https://ubuntu.com/security/CVE-2024-2398
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-2398.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-2398
- Related
- Published
- 2024-03-27T07:00:00Z
- Modified
- 2025-06-02T17:24:35Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm12?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.47.0-1ubuntu2.19+esm12
Affected versions
7.*
7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
Ecosystem specific
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl3",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl3-dbg",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl3-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl3-gnutls-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl3-nss-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl4-gnutls-dev-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl4-nss-dev",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl4-nss-dev-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
},
{
"binary_name": "libcurl4-openssl-dev-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm12"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium"
}
Ubuntu:Pro:18.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.24+esm4?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.58.0-2ubuntu3.24+esm4
Affected versions
7.*
7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23
7.58.0-2ubuntu3.24
7.58.0-2ubuntu3.24+esm1
7.58.0-2ubuntu3.24+esm2
7.58.0-2ubuntu3.24+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl3-gnutls-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl3-nss-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl4",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl4-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl4-nss-dev",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "7.58.0-2ubuntu3.24+esm4"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium"
}
Ubuntu:20.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.68.0-1ubuntu2.22?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.68.0-1ubuntu2.22
Affected versions
7.*
7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16
7.68.0-1ubuntu2.18
7.68.0-1ubuntu2.19
7.68.0-1ubuntu2.20
7.68.0-1ubuntu2.21
Ecosystem specific
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl3-gnutls-dbgsym",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl3-nss-dbgsym",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl4",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl4-dbgsym",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl4-nss-dev",
"binary_version": "7.68.0-1ubuntu2.22"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "7.68.0-1ubuntu2.22"
}
],
"availability": "No subscription required",
"ubuntu_priority": "medium"
}
Ubuntu:22.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.16?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.81.0-1ubuntu1.16
Affected versions
7.*
7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13
7.81.0-1ubuntu1.14
7.81.0-1ubuntu1.15
Ecosystem specific
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl3-gnutls-dbgsym",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl3-nss-dbgsym",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl4",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl4-dbgsym",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl4-nss-dev",
"binary_version": "7.81.0-1ubuntu1.16"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "7.81.0-1ubuntu1.16"
}
],
"availability": "No subscription required",
"ubuntu_priority": "medium"
}
Ubuntu:24.10 / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.1?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.0-2ubuntu10.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl3t64-gnutls-dbgsym",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4t64-dbgsym",
"binary_version": "8.5.0-2ubuntu10.1"
}
],
"availability": "No subscription required",
"ubuntu_priority": "medium"
}
Ubuntu:24.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.0-2ubuntu10.1
Affected versions
8.*
8.2.1-1ubuntu3
8.2.1-1ubuntu3.1
8.4.0-2ubuntu1
8.5.0-2ubuntu1
8.5.0-2ubuntu2
8.5.0-2ubuntu8
8.5.0-2ubuntu9
8.5.0-2ubuntu10
Ecosystem specific
{
"binaries": [
{
"binary_name": "curl",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl3t64-gnutls",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl3t64-gnutls-dbgsym",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4t64",
"binary_version": "8.5.0-2ubuntu10.1"
},
{
"binary_name": "libcurl4t64-dbgsym",
"binary_version": "8.5.0-2ubuntu10.1"
}
],
"availability": "No subscription required",
"ubuntu_priority": "medium"
}