CVE-2024-2466 – TLS certificate check bypass with mbedTLS
https://notcve.org/view.php?id=CVE-2024-2466
libcurl did not check the server certificate of TLS connections made to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POP3S, SMTPS, etc).
A flaw was found in curl.
• References:
  http://www.openwall.com/lists/oss-security/2024/03/27/4
  https://curl.se/docs/CVE-2024-2466.html
  https://curl.se/docs/CVE-2024-2466.json
  https://hackerone.com/reports/2416725
  https://security.netapp.com/advisory/ntap-20240503-0010
  https://support.apple.com/kb/HT214119
  https://support.apple.com/kb/HT214118
  https://support.apple.com/kb/HT214120
  http://seclists.org/fulldisclosure/2024/Jul/20
  http://seclists.org/fulldisclosure/2024/Jul/18
  http://seclists.org/ful
• CWE-297: Improper Validation of Certificate with Host Mismatch
CVE-2024-2379 – QUIC certificate check bypass with wolfSSL
https://notcve.org/view.php?id=CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
A flaw was found in curl. When libcurl is built to use wolfSSL as the TLS backend, it skips certificate verification for a QUIC connection if an unknown/bad cipher or curve is used.
• References:
  http://www.openwall.com/lists/oss-security/2024/03/27/2
  https://curl.se/docs/CVE-2024-2379.html
  https://curl.se/docs/CVE-2024-2379.json
  https://hackerone.com/reports/2410774
  https://security.netapp.com/advisory/ntap-20240531-0001
  https://support.apple.com/kb/HT214119
  https://support.apple.com/kb/HT214118
  https://support.apple.com/kb/HT214120
  http://seclists.org/fulldisclosure/2024/Jul/20
  http://seclists.org/fulldisclosure/2024/Jul/18
  http://seclists.org/ful
• CWE-295: Improper Certificate Validation
CVE-2024-2398 – HTTP/2 push headers memory-leak
https://notcve.org/view.php?id=CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the number of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
• References:
  http://www.openwall.com/lists/oss-security/2024/03/27/3
  https://curl.se/docs/CVE-2024-2398.html
  https://curl.se/docs/CVE-2024-2398.json
  https://hackerone.com/reports/2402845
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI
  https://security.netapp.com/advisory/ntap-20240503-0009
  https://support.apple.com/kb&
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2024-2004 – Usage of disabled protocol
https://notcve.org/view.php?id=CVE-2024-2004
When a protocol selection parameter option disables all protocols without adding any, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The command below would perform a request to curl.se with a plaintext protocol which has been explicitly disabled.
    curl --proto -all,-http http://curl.se
The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be a low severity bug.
• References:
  http://www.openwall.com/lists/oss-security/2024/03/27/1
  https://curl.se/docs/CVE-2024-2004.html
  https://curl.se/docs/CVE-2024-2004.json
  https://hackerone.com/reports/2384833
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI
  https://security.netapp.com/advisory/ntap-20240524-0006
  https://support.apple.com/kb&
• CWE-115: Misinterpretation of Input
• CWE-436: Interpretation Conflict
CVE-2021-30134
https://notcve.org/view.php?id=CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
• References:
  https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')