PT-2024-2655 · Libcurl+12

Stefan Eissing +1 · Published 2024-02-15 · Updated 2026-05-18 · CVE-2024-2398

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified)

Description: The issue is related to a memory leak in libcurl when handling HTTP/2 server push. When the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push and inadvertently leaks memory. This error condition fails silently, making it difficult for applications to detect.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

ALSA-2024:5529
ALSA-2024:5654
ALT-PU-2024-4632
ALT-PU-2024-4692
ALT-PU-2024-6436
ALT-PU-2025-1416
AZL-37069
AZL-37078
AZL-37088
AZL-37101
BDU:2024-02722
CESA-2024_5654
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2024-2398
INFSA-2024_5529
INFSA-2024_5654
JLSEC-2026-416
MGASA-2024-0099
OESA-2024-1412
OESA-2024-1480
OPENSUSE-SU-2024:13805-1
OPENSUSE-SU-2024_1151-1
RHSA-2024:2693
RHSA-2024:3998
RHSA-2024:5529
RHSA-2024:5654
RHSA-2024_5529
RHSA-2024_5654
SUSE-SU-2024:1120-1
SUSE-SU-2024:1150-1
SUSE-SU-2024:1151-1
SUSE-SU-2024:1151-2
SUSE-SU-2024:1151-3
SUSE-SU-2025:20029-1
USN-6718-1
USN-6718-2
USN-6718-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
IBM AIX
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libcurl