3.5

CVE-2024-2004

Exploit

EPSS 0.91%
Published 27.03.2024 08:15:41
Last modified 30.07.2025 19:42:14
Source 2499f714-1537-4658-8207-48ae4b
Teams watchlist Login
Open Login

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled.      curl --proto -all,-http http://curl.se  The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Haxx ≫ Curl Version >= 7.85.0 < 8.7.0

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

Apple ≫ macOS Version < 12.7.6

Apple ≫ macOS Version >= 13.0 < 13.6.8

Apple ≫ macOS Version >= 14.0 < 14.6

Netapp ≫ Ontap Version9

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.91%	0.75

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-436 Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

http://seclists.org/fulldisclosure/2024/Jul/18

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT214119

Vendor Advisory

Release Notes

http://seclists.org/fulldisclosure/2024/Jul/19

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/20

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT214118

Vendor Advisory

Release Notes

https://support.apple.com/kb/HT214120

Vendor Advisory

Release Notes

http://www.openwall.com/lists/oss-security/2024/03/27/1

Third Party Advisory

Mailing List

https://curl.se/docs/CVE-2024-2004.html

Vendor Advisory

https://curl.se/docs/CVE-2024-2004.json

Vendor Advisory

https://hackerone.com/reports/2384833

Third Party Advisory

Exploit

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240524-0006/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2004

EUVD