When an application tells libcurl it wants to allow HTTP/2 server push, and the number of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Two points for triage. Only applications that opt in to server push (by installing a push callback with CURLMOPT_PUSHFUNCTION on the multi handle) reach the affected code path; an application that never enables push is not exposed. The leaked allocations are controlled by the remote server: a malicious or compromised server can send an oversized pushed header block with every push it issues, and because the abort is silent no callback or error code tells the application it happened. The only symptom is steadily growing memory use in the client process.
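The bug pattern the description lays out, as an added illustrative example that is not libcurl's code: a per-push header accumulator with the same 1000-header limit, written once in a leaky form (abort by dropping the state, no error to the caller) and once in a corrected form (free what was received, report the abort). All names (`push_state`, `on_push_header_leaky`, `on_push_header_fixed`, `simulate_push`) are hypothetical, and the live-allocation counter stands in for the kind of leak detection a memory debugger would provide.

```c
/* Added illustrative example, not libcurl's code. It models the advisory's bug
 * pattern, a per-push header accumulator that aborts past MAX_PUSH_HEADERS, in a
 * leaky form beside a corrected one; a live-allocation counter stands in for a
 * memory debugger. All names are made up. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_PUSH_HEADERS 1000       /* the limit named in the advisory */

static long live_allocs = 0;        /* header copies not yet freed */
static int last_abort_reported = 0; /* did the caller learn of an abort? */

static char *tracked_strdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}

static void tracked_free(char *p) { if (p) { live_allocs--; free(p); } }
struct push_state {     /* headers received so far for one pushed stream */
    char **headers;
    size_t nheaders;
};

static void push_state_free(struct push_state *ps)
{
    for (size_t i = 0; i < ps->nheaders; i++)
        tracked_free(ps->headers[i]);
    free(ps->headers);
    ps->headers = NULL; ps->nheaders = 0;
}

/* Append one header line; 0 on success, -1 on allocation failure. */
static int push_state_append(struct push_state *ps, const char *line)
{
    char **grown = realloc(ps->headers, (ps->nheaders + 1) * sizeof *grown);
    if (!grown)
        return -1;
    ps->headers = grown;
    if (!(ps->headers[ps->nheaders] = tracked_strdup(line)))
        return -1;
    ps->nheaders++;
    return 0;
}

/* Parking spot for the handle the leaky variant drops; demo-only, so the memory
 * can be reclaimed after it has been measured. Real code has no such back door. */
static struct push_state orphaned = { NULL, 0 };

/* Leaky variant: past the limit, drop the state without freeing it or telling the caller. */
static void on_push_header_leaky(struct push_state *ps, const char *line)
{
    if (ps->nheaders >= MAX_PUSH_HEADERS) {
        orphaned = *ps;
        ps->headers = NULL; ps->nheaders = 0;
        return;
    }
    push_state_append(ps, line);
}

/* Fixed variant: free everything received so far and report the abort. */
static int on_push_header_fixed(struct push_state *ps, const char *line)
{
    if (ps->nheaders >= MAX_PUSH_HEADERS) {
        push_state_free(ps);
        return -1;
    }
    return push_state_append(ps, line);
}

/* Feed `count` constructed header lines through one variant, tear the push down
 * as a caller normally would, and return how many header copies are still live. */
static long simulate_push(int use_fixed, size_t count)
{
    struct push_state ps = { NULL, 0 };
    char line[64];
    live_allocs = 0; last_abort_reported = 0;
    for (size_t i = 0; i < count; i++) {
        snprintf(line, sizeof line, "x-pushed-%zu: v", i); /* constructed input */
        if (!use_fixed)
            on_push_header_leaky(&ps, line);
        else if (on_push_header_fixed(&ps, line) != 0) {
            last_abort_reported = 1;
            break;
        }
    }
    push_state_free(&ps);
    long leaked = live_allocs;      /* a correct implementation leaves zero */
    push_state_free(&orphaned);     /* demonstration-only reclaim */
    return leaked;
}

int main(void)
{
    long leaked = simulate_push(0, MAX_PUSH_HEADERS + 1);
    printf("leaky: %ld leaked, abort reported: %d\n", leaked, last_abort_reported);
    leaked = simulate_push(1, MAX_PUSH_HEADERS + 1);
    printf("fixed: %ld leaked, abort reported: %d\n", leaked, last_abort_reported);
    return 0;
}
```

With 1001 pushed headers the leaky variant leaves all 1000 accepted copies live and never tells the caller anything happened, which is exactly why an application cannot see this from its own error handling; the fixed variant leaves nothing live and returns an error the caller can count. The same measurement can be made against a real libcurl build by running the application under a leak-checking allocator and driving it with a server that pushes more than 1000 headers.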
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | LOW |
| Availability Impact | LOW |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 3.9
Impact Score: 4.7
Base Score: 8.6 (HIGH), computed from the vector above

This vector is the secondary source's assessment and rates confidentiality impact HIGH. The description itself supports a resource-exhaustion outcome (memory never released, CWE-772) triggered by a server the client connects to; weigh the score against that when prioritising.
| Source | Type | Weakness |
|---|---|---|
| [email protected] | Primary | CWE-772 (Missing Release of Resource after Effective Lifetime) |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| haxx | curl | * | * | Application |
| apple | macos | * | * | Operating System |
| fedoraproject | fedora | 39 | * | Operating System |
| fedoraproject | fedora | 40 | * | Operating System |
| netapp | active_iq_unified_manager | - | * | Application |
| netapp | ontap_select_deploy_administration_utility | - | * | Application |
| netapp | brocade_fabric_operating_system | - | * | Operating System |
| netapp | bootstrap_os | - | * | Operating System |
| netapp | h300s_firmware | - | * | Operating System |
| netapp | h410s_firmware | - | * | Operating System |
| netapp | h500s_firmware | - | * | Operating System |
| netapp | h610c_firmware | - | * | Operating System |
| netapp | h610s_firmware | - | * | Operating System |
| netapp | h615c_firmware | - | * | Operating System |
| netapp | h700s_firmware | - | * | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| No | cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |

The hardware entries marked "No" are the platforms the vulnerable firmware runs on, not vulnerable products themselves. None of the entries above carries version bounds; consult the vendor advisories for the affected and fixed versions before acting on this list.