CVE-2024-2398
ADVISORY - nistSummary
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
EPSS Score: 0.00046 (0.178)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - redhat
Missing Release of Resource after Effective Lifetime
NIST
CREATED
UPDATED
ADVISORY IDCVE-2024-2398
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.6highAlpine
CREATED
UPDATED
ADVISORY IDCVE-2024-2398
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY
Debian
CREATED
UPDATED
ADVISORY IDCVE-2024-2398
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2024-2398
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAlma
CREATED
UPDATED
ADVISORY IDALSA-2024:5654
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAlma
CREATED
UPDATED
ADVISORY IDALSA-2024:5529
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2024-596
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2024-2526
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2024-2398
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5mediumOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-5529
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-5654
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-ww95-x7cj-gxrr
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY