Test ID:	1.3.6.1.4.1.25623.1.1.2.2024.2302
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2302)
Summary:	The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2024-2302 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2024-2302 advisory. Vulnerability Insight: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.(CVE-2024-2398) Affected Software/OS: 'curl' package(s) on Huawei EulerOS Virtualization release 2.12.1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-2398 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/ issue https://hackerone.com/reports/2402845 json https://curl.se/docs/CVE-2024-2398.json www https://curl.se/docs/CVE-2024-2398.html http://www.openwall.com/lists/oss-security/2024/03/27/3
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.