Libcurl · Libcurl · CVE-2023-38546
**Name of the Vulnerable Software and Affected Versions**
libcurl versions prior to 8.4.0
**Description**
This issue allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met. libcurl performs transfers and provides a function, `curl_easy_duphandle`, that duplicates an easy handle. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned, but the actual cookies are not. If the source handle did not read any cookies from a specific file on disk, the cloned handle would instead store the file name as `none`. Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none`, if such a file exists and is readable in the current directory of the program using libcurl.
**Recommendations**
Update to libcurl version 8.4.0 or later to resolve the issue. As a temporary workaround, explicitly set a source to load cookies from when using the `curl_easy_duphandle` function, so that the cloned handle does not inadvertently load cookies from a file named `none`.
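
The two conditions described above (a libcurl older than 8.4.0, and a readable file named `none` in the program's working directory) can be checked together during triage. The script below is an added example, not code from the libcurl project; the function names and status words are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not libcurl project code. Function names and status words
# are this example's own. Compares upstream version numbers only; a
# distribution package may carry a backported fix under an older number.

# Exit 0 if libcurl version $1 is older than 8.4.0, 1 if it is 8.4.0 or
# later, 2 if the string cannot be parsed.
libcurl_is_affected() {
    ver=${1%%[!0-9.]*}      # drop any trailing non-numeric suffix
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ "$major" -lt 8 ]; then return 0; fi
    if [ "$major" -eq 8 ] && [ "$minor" -lt 4 ]; then return 0; fi
    return 1
}

# Exit 0 if directory $1 holds a regular file named "none" that the user
# running this check can read.
has_none_cookie_file() {
    [ -f "$1/none" ] && [ -r "$1/none" ]
}

# Print one status word for libcurl version $1 and the working directory $2
# of the program that links it.
triage() {
    rc=0
    libcurl_is_affected "$1" || rc=$?
    case $rc in
        1) echo "patched"; return 0 ;;
        2) echo "unknown-version"; return 0 ;;
    esac
    if has_none_cookie_file "$2"; then
        echo "affected-none-file-present"
    else
        echo "affected-no-none-file"
    fi
}
```

The version argument can come from `curl-config --version` or from whatever inventory records the libcurl a program links; the directory argument is that program's working directory. A result of `affected-no-none-file` still calls for the update, since the check only reflects the directory contents at the time it runs.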