PT-2024-2656 · Curl+8

Dan Fandrich +2 · Published 2024-02-15 · Updated 2026-05-18 · CVE-2024-2004

CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

cURL versions (affected versions not specified)

Description

The issue is an error in the logic for removing protocols: when a protocol selection option disables all protocols without adding any, the default set of protocols remains in the allowed set. The flaw can be demonstrated with the command curl --proto -all,-http http://curl.se, which performs a request to curl.se over a plaintext protocol that has been explicitly disabled. The curl security team has assessed this as a low severity bug, noting it is unlikely to be encountered in real situations due to its impractical use case.

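A local check for the behaviour described above, added here as an example (it is not code from this advisory or from the curl project): it passes the same option string to a curl binary, aimed at a closed loopback port, and classifies the build by exit code. The function names, the 127.0.0.1:1 target and the exit-code mapping are assumptions of this example.

```shell
#!/bin/sh
# Added example: does this curl build honour an empty --proto allow-list?
# Assumption: nothing listens on 127.0.0.1:1, so no traffic leaves the host.

# check_proto_enforcement [CURL_BIN]
# returns 0 = restriction enforced, 1 = restriction ignored, 2 = inconclusive
check_proto_enforcement() {
    curl_bin=${1:-curl}
    command -v "$curl_bin" >/dev/null 2>&1 || return 2

    # Same option string as the command quoted in the description.
    curl_rc=0
    "$curl_bin" --silent --max-time 5 --output /dev/null \
        --proto -all,-http http://127.0.0.1:1/ 2>/dev/null || curl_rc=$?

    case $curl_rc in
        # Exit 1 is curl's "unsupported protocol": http was refused
        # before any connection was attempted.
        1) return 0 ;;
        # 0 (success), 7 (connect failed) or 28 (timeout) all mean curl
        # went ahead with an http transfer despite the restriction.
        0|7|28) return 1 ;;
        # Anything else (usage error, missing feature) proves nothing.
        *) return 2 ;;
    esac
}

# describe_result CODE: one-line verdict for logs or a CI gate
describe_result() {
    case $1 in
        0) echo "enforced: --proto -all,-http blocks http" ;;
        1) echo "NOT enforced: http transfer attempted (CVE-2024-2004 behaviour)" ;;
        *) echo "inconclusive: curl missing or unexpected exit code" ;;
    esac
}

# Run only when invoked as: sh check.sh --run [curl-binary]
if [ "${1:-}" = "--run" ]; then
    verdict=0
    check_proto_enforcement "${2:-curl}" || verdict=$?
    describe_result "$verdict"
fi
```

Passing the path of a specific binary as the second argument lets the same check cover curl copies bundled inside containers or application directories, not only the one on PATH.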
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

ALT-PU-2024-4632
ALT-PU-2024-4692
ALT-PU-2024-6436
ALT-PU-2025-1416
AZL-37076
AZL-37087
AZL-37102
AZL-37114
AZL-37117
BDU:2024-02723
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2024-2004
JLSEC-2026-414
MGASA-2024-0099
OPENSUSE-SU-2024:13805-1
OPENSUSE-SU-2024_1151-1
RHSA-2024:2693
SUSE-SU-2024:1120-1
SUSE-SU-2024:1150-1
SUSE-SU-2024:1151-1
SUSE-SU-2024:1151-2
SUSE-SU-2024:1151-3
SUSE-SU-2024_1150-1
SUSE-SU-2024_1151-1
SUSE-SU-2024_1151-2
SUSE-SU-2025:20029-1
USN-6718-1
USN-6718-3

Affected Products

ALT Linux
Astra Linux
IBM AIX
Linux Mint
Apple macOS
RED OS
SUSE
Ubuntu
Curl