SB2024092302 - Gentoo update for curl

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024092302

SB2024092302 - Gentoo update for curl

Published: September 23, 2024

Security Bulletin ID SB2024092302
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2023-46218)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.


2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2023-46219)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error when handling HSTS long file names. When saving HSTS data to an excessively long file name, curl can end up removing all contents from the file, making subsequent requests using that file unaware of the HSTS status they should otherwise use. As a result, a remote attacker can perform MitM attack.


3) Improper check for certificate revocation (CVE-ID: CVE-2024-0853)

The vulnerability allows a remote attacker to bypass OCSP verification.

The vulnerability exists due to curl inadvertently keeps the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test has failed. A subsequent transfer to the same hostname will be successful if the session ID cache is still fresh, which leads to skipping the verify status check. As a result, OCSP verification is always successful for all subsequent TLS sessions.


4) Input validation error (CVE-ID: CVE-2024-2004)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error when a protocol selection parameter option disables all protocols without adding any. As a result, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols.


5) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2024-2398)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.


6) Improper validation of certificate with host mismatch (CVE-ID: CVE-2024-2466)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to libcurl does not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. A remote attacker force the application to completely skip the certificate check and perform MitM attack.


Remediation

Install update from vendor's website.

References