VDB
RHSA-2024%3A7213
RHSA-2024%3A7213
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64 as a component of 9Base-Service-Interconnect-1.4 | service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64 |
| Red Hat | service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64 as a component of 9Base-Service-Interconnect-1.4 | * |
| Red Hat | service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64 as a component of 9Base-Service-Interconnect-1.4 | service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64 |
| Red Hat | service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64 as a component of 9Base-Service-Interconnect-1.4 | service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64 |
| Red Hat | service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64 as a component of 9Base-Service-Interconnect-1.4 | service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64 |
| Red Hat | service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64 as a component of 9Base-Service-Interconnect-1.4 | service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64 |
Timeline
- Sep 26, 2024 CVE Published
- Apr 30, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:7213 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2270498 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2279632 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2294676 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2294677 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2297771 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2302255 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7213.json advisory
- https://access.redhat.com/security/cve/CVE-2024-2398 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-2398 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-2398 advisory
- https://curl.se/docs/CVE-2024-2398.html advisory
- https://access.redhat.com/security/cve/CVE-2024-6119 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2306158 issue
- https://www.cve.org/CVERecord?id=CVE-2024-6119 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-6119 advisory
- https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj advisory
- https://access.redhat.com/security/cve/CVE-2024-6345 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-6345 advisory
…and 41 more