VDB
GCVE-110-MAGEIA-2024-360
GCVE-110-MAGEIA-2024-360
Advisory Published
When curl is asked to use HSTS, the expiry time for a subdomain might
overwrite a parent domain's cache entry, making it end sooner or later
than otherwise intended. This affects curl using applications that
enable HSTS and use URLs with the insecure HTTP:// scheme and perform
transfers with hosts like x.example.com as well as example.com where the
first host is a subdomain of the second host. This flaw also affects the
curl command line tool.
When triggered, this is a potential minor DoS security problem when
trying to use HTTPS when that no longer works or a cleartext
transmission of data that was otherwise intended to possibly be
protected.
This update fixes the issue so subdomains cannot affect the HSTS cache
of a parent domain.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | curl | 0 (affected), 7.88.1-4.4.mga9 (unaffected) | — |
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.