{"id":"USN-6718-3","summary":"curl vulnerabilities","details":"USN-6718-1 fixed vulnerabilities in curl. This update provides the\ncorresponding updates for Ubuntu 24.04 LTS.\n\nOriginal advisory details:\n\n Dan Fandrich discovered that curl would incorrectly use the default set of\n protocols when a parameter option disabled all protocols without adding\n any, contrary to expectations. This issue only affected Ubuntu 23.10.\n (CVE-2024-2004)\n \n It was discovered that curl incorrectly handled memory when limiting the\n amount of headers when HTTP/2 server push is allowed. A remote attacker\n could possibly use this issue to cause curl to consume resources, leading\n to a denial of service. (CVE-2024-2398)\n","modified":"2026-04-27T17:17:21.450620369Z","published":"2024-04-29T11:34:42Z","related":["UBUNTU-CVE-2024-2004","UBUNTU-CVE-2024-2398"],"upstream":["CVE-2024-2004","CVE-2024-2398","UBUNTU-CVE-2024-2004","UBUNTU-CVE-2024-2398"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6718-3"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-2004"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-2398"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.0-2ubuntu10.1"}]}],"versions":["8.2.1-1ubuntu3","8.2.1-1ubuntu3.1","8.4.0-2ubuntu1","8.5.0-2ubuntu1","8.5.0-2ubuntu2","8.5.0-2ubuntu8","8.5.0-2ubuntu9","8.5.0-2ubuntu10"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"8.5.0-2ubuntu10.1"},{"binary_name":"libcurl3t64-gnutls","binary_version":"8.5.0-2ubuntu10.1"},{"binary_name":"libcurl4t64","binary_version":"8.5.0-2ubuntu10.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6718-3.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2024-2004"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-2398"}]}}}],"schema_version":"1.7.5"}