CVE-2024-2004 – Usage of disabled protocol
https://notcve.org/view.php?id=CVE-2024-2004
When a protocol selection parameter option disables all protocols without adding any, the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The command below would perform a request to curl.se with a plaintext protocol which has been explicitly disabled:

    curl --proto -all,-http http://curl.se

The flaw is only present if the set of selected protocols disables the entire set of available protocols, which is in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be a low severity bug.

• http://www.openwall.com/lists/oss-security/2024/03/27/1
• https://curl.se/docs/CVE-2024-2004.html
• https://curl.se/docs/CVE-2024-2004.json
• https://hackerone.com/reports/2384833
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI
• https://security.netapp.com/advisory/ntap-20240524-0006
• https://support.apple.com/kb&

• CWE-115: Misinterpretation of Input
• CWE-436: Interpretation Conflict

CVE-2024-0853 – OCSP verification bypass with TLS session reuse
https://notcve.org/view.php?id=CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.

• https://curl.se/docs/CVE-2024-0853.html
• https://curl.se/docs/CVE-2024-0853.json
• https://hackerone.com/reports/2298922
• https://security.netapp.com/advisory/ntap-20240307-0004
• https://security.netapp.com/advisory/ntap-20240426-0009
• https://security.netapp.com/advisory/ntap-20240503-0012

• CWE-295: Improper Certificate Validation