Bug 2270500 (CVE-2024-2004)
Summary: | CVE-2024-2004 curl: Usage of disabled protocol | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | aarif, agarcial, aoconnor, aprice, asegurap, bdettelb, caswilli, csutherl, dfreiber, dhalasz, dkuc, drow, fjansen, gsuckevi, hhorak, hkataria, jburrell, jclere, jmitchel, jorton, jsamir, jsherril, jtanner, kaycoth, kdudka, kshier, luhliari, luizcosta, mpierce, mturk, nweather, orabin, pjindal, plodge, psegedy, security-response-team, sidakwo, stcannon, sthirugn, szappis, vkrizan, vkumar, vmugicag, xiaoxwan, yguenane, zzhou |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | curl 8.7.0 | Doc Type: | --- |
Doc Text: |
A flaw was found in curl. When a protocol selection parameter disables all protocols without adding any, the default set of protocols remains in the allowed set due to a logic error, allowing usage of disabled protocols.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2271827, 2270501, 2271826 | ||
Bug Blocks: | 2270489 |
Description
Patrick Del Bello
2024-03-20 15:35:52 UTC
Created curl tracking bugs for this issue: Affects: fedora-all [bug 2271826] Created mingw-curl tracking bugs for this issue: Affects: fedora-all [bug 2271827] This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2024:2694 https://access.redhat.com/errata/RHSA-2024:2694 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2024:2693 https://access.redhat.com/errata/RHSA-2024:2693 |