
    70 vulnerabilities found for h615c_firmware by netapp

    CVE-2025-0167 (GCVE-0-2025-0167)

    Vulnerability from nvd – Published: 2025-02-05 09:15 – Updated: 2025-03-07 00:10
    VLAI
    Title
    netrc and default credential leak
    Summary
    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Credits
    Yihang Zhou Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0167",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T15:52:41.551530Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T14:48:00.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://curl.se/docs/CVE-2025-0167.html"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-07T00:10:48.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250306-0008/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Yihang Zhou"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-05T09:15:06.891Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2025-0167.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2025-0167.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2917232"
            }
          ],
          "title": "netrc and default credential leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2025-0167",
        "datePublished": "2025-02-05T09:15:06.891Z",
        "dateReserved": "2024-12-31T23:07:29.650Z",
        "dateUpdated": "2025-03-07T00:10:48.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11053 (GCVE-0-2024-11053)

    Vulnerability from nvd – Published: 2024-12-11 07:34 – Updated: 2025-11-03 20:36
    VLAI
    Title
    netrc and redirect credential leak
    Summary
    When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Affected: 7.10.5 , ≤ 7.10.5 (semver)
    Affected: 7.10.4 , ≤ 7.10.4 (semver)
    Affected: 7.10.3 , ≤ 7.10.3 (semver)
    Affected: 7.10.2 , ≤ 7.10.2 (semver)
    Affected: 7.10.1 , ≤ 7.10.1 (semver)
    Affected: 7.10 , ≤ 7.10 (semver)
    Affected: 7.9.8 , ≤ 7.9.8 (semver)
    Affected: 7.9.7 , ≤ 7.9.7 (semver)
    Affected: 7.9.6 , ≤ 7.9.6 (semver)
    Affected: 7.9.5 , ≤ 7.9.5 (semver)
    Affected: 7.9.4 , ≤ 7.9.4 (semver)
    Affected: 7.9.3 , ≤ 7.9.3 (semver)
    Affected: 7.9.2 , ≤ 7.9.2 (semver)
    Affected: 7.9.1 , ≤ 7.9.1 (semver)
    Affected: 7.9 , ≤ 7.9 (semver)
    Affected: 7.8.1 , ≤ 7.8.1 (semver)
    Affected: 7.8 , ≤ 7.8 (semver)
    Affected: 7.7.3 , ≤ 7.7.3 (semver)
    Affected: 7.7.2 , ≤ 7.7.2 (semver)
    Affected: 7.7.1 , ≤ 7.7.1 (semver)
    Affected: 7.7 , ≤ 7.7 (semver)
    Affected: 7.6.1 , ≤ 7.6.1 (semver)
    Affected: 7.6 , ≤ 7.6 (semver)
    Affected: 7.5.2 , ≤ 7.5.2 (semver)
    Affected: 7.5.1 , ≤ 7.5.1 (semver)
    Affected: 7.5 , ≤ 7.5 (semver)
    Affected: 7.4.2 , ≤ 7.4.2 (semver)
    Affected: 7.4.1 , ≤ 7.4.1 (semver)
    Affected: 7.4 , ≤ 7.4 (semver)
    Affected: 7.3 , ≤ 7.3 (semver)
    Affected: 7.2.1 , ≤ 7.2.1 (semver)
    Affected: 7.2 , ≤ 7.2 (semver)
    Affected: 7.1.1 , ≤ 7.1.1 (semver)
    Affected: 7.1 , ≤ 7.1 (semver)
    Affected: 6.5.2 , ≤ 6.5.2 (semver)
    Affected: 6.5.1 , ≤ 6.5.1 (semver)
    Affected: 6.5 , ≤ 6.5 (semver)
    Credits
    Harry Sintonen Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:36:27.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250124-0012/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0003/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11053",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-15T16:47:42.738403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-15T16:50:59.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.5",
                  "status": "affected",
                  "version": "7.10.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.4",
                  "status": "affected",
                  "version": "7.10.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.3",
                  "status": "affected",
                  "version": "7.10.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.2",
                  "status": "affected",
                  "version": "7.10.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.1",
                  "status": "affected",
                  "version": "7.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10",
                  "status": "affected",
                  "version": "7.10",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.8",
                  "status": "affected",
                  "version": "7.9.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.7",
                  "status": "affected",
                  "version": "7.9.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.6",
                  "status": "affected",
                  "version": "7.9.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.5",
                  "status": "affected",
                  "version": "7.9.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.4",
                  "status": "affected",
                  "version": "7.9.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.3",
                  "status": "affected",
                  "version": "7.9.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.2",
                  "status": "affected",
                  "version": "7.9.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.1",
                  "status": "affected",
                  "version": "7.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9",
                  "status": "affected",
                  "version": "7.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8.1",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8",
                  "status": "affected",
                  "version": "7.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.3",
                  "status": "affected",
                  "version": "7.7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.2",
                  "status": "affected",
                  "version": "7.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.1",
                  "status": "affected",
                  "version": "7.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7",
                  "status": "affected",
                  "version": "7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6",
                  "status": "affected",
                  "version": "7.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5.2",
                  "status": "affected",
                  "version": "7.5.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5.1",
                  "status": "affected",
                  "version": "7.5.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5",
                  "status": "affected",
                  "version": "7.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4",
                  "status": "affected",
                  "version": "7.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3",
                  "status": "affected",
                  "version": "7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.2",
                  "status": "affected",
                  "version": "6.5.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.1",
                  "status": "affected",
                  "version": "6.5.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Harry Sintonen"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-11T07:34:29.539Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2024-11053.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2024-11053.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2829063"
            }
          ],
          "title": "netrc and redirect credential leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2024-11053",
        "datePublished": "2024-12-11T07:34:29.539Z",
        "dateReserved": "2024-11-09T18:41:55.703Z",
        "dateUpdated": "2025-11-03T20:36:27.027Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33601 (GCVE-0-2024-33601)

    Vulnerability from nvd – Published: 2024-05-06 19:22 – Updated: 2026-05-12 11:51
    VLAI
    Title
    nscd: netgroup cache may terminate daemon on memory allocation failure
    Summary
    nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process on a memory allocation failure, resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "glibc",
                "vendor": "gnu",
                "versions": [
                  {
                    "lessThan": "2.40",
                    "status": "affected",
                    "version": "2.15",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T17:26:01.322253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T13:55:13.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:36:04.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T11:51:47.108Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "glibc",
              "vendor": "The GNU C Library",
              "versions": [
                {
                  "lessThan": "2.40",
                  "status": "affected",
                  "version": "2.15",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients.  The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients.  The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-22T18:06:12.587Z",
            "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "shortName": "glibc"
          },
          "references": [
            {
              "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "nscd: netgroup cache may terminate daemon on memory allocation failure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "assignerShortName": "glibc",
        "cveId": "CVE-2024-33601",
        "datePublished": "2024-05-06T19:22:07.763Z",
        "dateReserved": "2024-04-24T20:35:08.340Z",
        "dateUpdated": "2026-05-12T11:51:47.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33600 (GCVE-0-2024-33600)

    Vulnerability from nvd – Published: 2024-05-06 19:22 – Updated: 2026-05-12 11:51
    VLAI
    Title
    nscd: Null pointer crashes after notfound response
    Summary
    nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:13:16.760599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:41:14.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:36:04.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T11:51:45.819Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "glibc",
              "vendor": "The GNU C Library",
              "versions": [
                {
                  "lessThan": "2.40",
                  "status": "affected",
                  "version": "2.15",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003enscd: Null pointer crashes after notfound response\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\u003cbr\u003enetgroup response to the cache, the client request can result in a null\u003cbr\u003epointer dereference.  This flaw was introduced in glibc 2.15 when the\u003cbr\u003ecache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference.  This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-22T18:06:08.949Z",
            "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "shortName": "glibc"
          },
          "references": [
            {
              "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "nscd: Null pointer crashes after notfound response",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "assignerShortName": "glibc",
        "cveId": "CVE-2024-33600",
        "datePublished": "2024-05-06T19:22:02.726Z",
        "dateReserved": "2024-04-24T20:35:08.340Z",
        "dateUpdated": "2026-05-12T11:51:45.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26735 (GCVE-0-2024-26735)

    Vulnerability from nvd – Published: 2024-04-03 17:00 – Updated: 2026-05-11 20:03
    VLAI
    Title
    ipv6: sr: fix possible use-after-free and null-ptr-deref
    Summary
    In the Linux kernel, the following vulnerability has been resolved: "ipv6: sr: fix possible use-after-free and null-ptr-deref". The pernet operations structure for the subsystem must be registered before registering the generic netlink family.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 953f42934533c151f440cd32390044d2396b87aa (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 82831e3ff76ef09fb184eb93b79a3eb3fb284f1d (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 65c38f23d10ff79feea1e5d50b76dc7af383c1e6 (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 91b020aaa1e59bfb669d34c968e3db3d5416bcee (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 8391b9b651cfdf80ab0f1dc4a489f9d67386e197 (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 9e02973dbc6a91e40aa4f5d87b8c47446fbfce44 (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 02b08db594e8218cfbc0e4680d4331b457968a9b (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 5559cea2d5aa3018a5f00dd2aca3427ba09b386b (git)
    Linux Linux Affected: 4.10
    Unaffected: 0 , < 4.10 (semver)
    Unaffected: 4.19.308 , ≤ 4.19.* (semver)
    Unaffected: 5.4.270 , ≤ 5.4.* (semver)
    Unaffected: 5.10.211 , ≤ 5.10.* (semver)
    Unaffected: 5.15.150 , ≤ 5.15.* (semver)
    Unaffected: 6.1.80 , ≤ 6.1.* (semver)
    Unaffected: 6.6.19 , ≤ 6.6.* (semver)
    Unaffected: 6.7.7 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26735",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T14:17:44.078376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:01:54.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-01T17:03:12.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241101-0012/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/seg6.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "953f42934533c151f440cd32390044d2396b87aa",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "82831e3ff76ef09fb184eb93b79a3eb3fb284f1d",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "65c38f23d10ff79feea1e5d50b76dc7af383c1e6",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "91b020aaa1e59bfb669d34c968e3db3d5416bcee",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "8391b9b651cfdf80ab0f1dc4a489f9d67386e197",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "9e02973dbc6a91e40aa4f5d87b8c47446fbfce44",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "02b08db594e8218cfbc0e4680d4331b457968a9b",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "5559cea2d5aa3018a5f00dd2aca3427ba09b386b",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/seg6.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "lessThan": "4.10",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.19.*",
                  "status": "unaffected",
                  "version": "4.19.308",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.*",
                  "status": "unaffected",
                  "version": "5.4.270",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.211",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.150",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.80",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.19",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.19.308",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.4.270",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.211",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.150",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.80",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.19",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.7",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:03:08.357Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
            },
            {
              "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
            },
            {
              "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
            },
            {
              "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
            },
            {
              "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
            },
            {
              "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
            },
            {
              "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
            },
            {
              "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
            }
          ],
          "title": "ipv6: sr: fix possible use-after-free and null-ptr-deref",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26735",
        "datePublished": "2024-04-03T17:00:21.972Z",
        "dateReserved": "2024-02-19T14:20:24.165Z",
        "dateUpdated": "2026-05-11T20:03:08.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26733 (GCVE-0-2024-26733)

    Vulnerability from nvd – Published: 2024-04-03 17:00 – Updated: 2026-05-11 20:03
    VLAI
    Title
    arp: Prevent overflow in arp_req_get().
    Summary
    In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) 
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 97eaa2955db4120ce6ec2ef123e860bc32232c50 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f119f2325ba70cbfdec701000dcad4d88805d5b0 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a3f2c083cb575d80a7627baf3339e78fedccbb91 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a7d6027790acea24446ddd6632d394096c0f4667 (git)
    Linux Linux Affected: 2.6.12
    Unaffected: 0 , < 2.6.12 (semver)
    Unaffected: 5.10.211 , ≤ 5.10.* (semver)
    Unaffected: 5.15.150 , ≤ 5.15.* (semver)
    Unaffected: 6.1.80 , ≤ 6.1.* (semver)
    Unaffected: 6.6.19 , ≤ 6.6.* (semver)
    Unaffected: 6.7.7 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-01T17:03:11.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241101-0013/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26733",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T15:52:00.464269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T17:33:20.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "97eaa2955db4120ce6ec2ef123e860bc32232c50",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "f119f2325ba70cbfdec701000dcad4d88805d5b0",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a3f2c083cb575d80a7627baf3339e78fedccbb91",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a7d6027790acea24446ddd6632d394096c0f4667",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.12"
                },
                {
                  "lessThan": "2.6.12",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.211",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.150",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.80",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.19",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.211",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.150",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.80",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.19",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.7",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh-\u003eha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags.  We initialise the field just after the memcpy(), so it\u0027s\nnot a problem.\n\nHowever, when dev-\u003eaddr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let\u0027s limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r-\u003earp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb \u003c0f\u003e 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 
1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS:  00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n \u003c/TASK\u003e"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:03:05.779Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
            },
            {
              "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
            },
            {
              "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
            },
            {
              "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
            },
            {
              "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
            },
            {
              "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
            }
          ],
          "title": "arp: Prevent overflow in arp_req_get().",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26733",
        "datePublished": "2024-04-03T17:00:20.437Z",
        "dateReserved": "2024-02-19T14:20:24.165Z",
        "dateUpdated": "2026-05-11T20:03:05.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-2398 (GCVE-0-2024-2398)

    Vulnerability from nvd – Published: 2024-03-27 07:55 – Updated: 2025-02-13 17:40
    VLAI
    Title
    HTTP/2 push headers memory-leak
    Summary
    When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    curl curl Affected: 7.44.0 , ≤ 8.6.0 (custom)
        cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*
    Credits
    w0x42 on hackerone Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "curl",
                "vendor": "curl",
                "versions": [
                  {
                    "lessThanOrEqual": "8.6.0",
                    "status": "affected",
                    "version": "7.44.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T18:57:39.256472Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:30:40.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "json",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2398.json"
              },
              {
                "name": "www",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2398.html"
              },
              {
                "name": "issue",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2402845"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/27/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240503-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214119"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214118"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "w0x42 on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T22:06:29.645Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2024-2398.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2024-2398.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2402845"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/03/27/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240503-0009/"
            },
            {
              "url": "https://support.apple.com/kb/HT214119"
            },
            {
              "url": "https://support.apple.com/kb/HT214118"
            },
            {
              "url": "https://support.apple.com/kb/HT214120"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
            }
          ],
          "title": "HTTP/2 push headers memory-leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2024-2398",
        "datePublished": "2024-03-27T07:55:48.524Z",
        "dateReserved": "2024-03-12T10:59:22.660Z",
        "dateUpdated": "2025-02-13T17:40:07.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2379 (GCVE-0-2024-2379)

    Vulnerability from nvd – Published: 2024-03-27 07:56 – Updated: 2025-02-13 17:39
    VLAI
    Title
    QUIC certificate check bypass with wolfSSL
    Summary
    libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Credits
    Dexter Gerig (finder), Daniel Stenberg (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "json",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2379.json"
              },
              {
                "name": "www",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2379.html"
              },
              {
                "name": "issue",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2410774"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/27/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240531-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214119"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214118"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:42:40.991655Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T19:51:37.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dexter Gerig"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T22:06:15.682Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2024-2379.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2024-2379.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2410774"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/03/27/2"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240531-0001/"
            },
            {
              "url": "https://support.apple.com/kb/HT214119"
            },
            {
              "url": "https://support.apple.com/kb/HT214118"
            },
            {
              "url": "https://support.apple.com/kb/HT214120"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
            }
          ],
          "title": "QUIC certificate check bypass with wolfSSL"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2024-2379",
        "datePublished": "2024-03-27T07:56:41.158Z",
        "dateReserved": "2024-03-11T14:39:01.543Z",
        "dateUpdated": "2025-02-13T17:39:51.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26633 (GCVE-0-2024-26633)

    Vulnerability from nvd – Published: 2024-03-18 10:07 – Updated: 2026-05-23 15:36
    VLAI
    Title
    ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
    Summary
    In the Linux kernel, the following vulnerability has been resolved:

    ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

    syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.

    Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage.

    [1]
    BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
    ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
    ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
    ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
    __netdev_start_xmit include/linux/netdevice.h:4940 [inline]
    netdev_start_xmit include/linux/netdevice.h:4954 [inline]
    xmit_one net/core/dev.c:3548 [inline]
    dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
    __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
    dev_queue_xmit include/linux/netdevice.h:3134 [inline]
    neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
    neigh_output include/net/neighbour.h:542 [inline]
    ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
    ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
    NF_HOOK_COND include/linux/netfilter.h:303 [inline]
    ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
    dst_output include/net/dst.h:451 [inline]
    ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
    ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
    ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
    rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
    rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
    inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
    sock_sendmsg_nosec net/socket.c:730 [inline]
    __sock_sendmsg net/socket.c:745 [inline]
    ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
    ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
    __sys_sendmsg net/socket.c:2667 [inline]
    __do_sys_sendmsg net/socket.c:2676 [inline]
    __se_sys_sendmsg net/socket.c:2674 [inline]
    __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
    do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
    entry_SYSCALL_64_after_hwframe+0x63/0x6b

    Uninit was created at:
    slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
    slab_alloc_node mm/slub.c:3478 [inline]
    __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
    __do_kmalloc_node mm/slab_common.c:1006 [inline]
    __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027
    kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
    pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098
    __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655
    pskb_may_pull_reason include/linux/skbuff.h:2673 [inline]
    pskb_may_pull include/linux/skbuff.h:2681 [inline]
    ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408
    ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
    ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
    __netdev_start_xmit include/linux/netdevice.h:4940 [inline]
    netdev_start_xmit include/linux/netdevice.h:4954 [inline]
    xmit_one net/core/dev.c:3548 [inline]
    dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
    __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
    dev_queue_xmit include/linux/netdevice.h:3134 [inline]
    neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
    neigh_output include/net/neighbour.h:542 [inline]
    ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
    ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
    NF_HOOK_COND include/linux/netfilter.h:303 [inline]
    ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
    dst_output include/net/dst.h:451 [inline]
    ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
    ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
    ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
    rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
    rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
    inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
    sock_sendmsg_nosec net/socket.c:730 [inline]
    __sock_sendmsg net/socket.c:745 [inline]
    ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
    ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
    __sys_sendmsg net/socket.c:2667 [inline]
    __do_sys_sendms
    ---truncated---
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 135414f300c5db995e2a2f3bf0f455de9d014aee (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 3f15ba3dc14e6ee002ea01b4faddc3d49200377c (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < da23bd709b46168f7dfc36055801011222b076cd (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 4329426cf6b8e22b798db2331c7ef1dd2a9c748d (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 62a1fedeb14c7ac0947ef33fadbabd35ed2400a2 (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 687c5d52fe53e602e76826dbd4d7af412747e183 (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < ba8d904c274268b18ef3dc11d3ca7b24a96cb087 (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < d375b98e0248980681e5e56b712026174d617198 (git)
    Affected: a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694 (git)
    Affected: 72bbf335e7aad09c88c50dbdd238f4faabd12174 (git)
    Affected: decccc92ee0a978a1c268b5df16824cb6384ed3c (git)
    Affected: d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25 (git)
    Affected: d397f7035d2c754781bbe93b07b94d8cd898620c (git)
    Affected: 41e07a7e01d951cfd4c9a7dac90c921269d89513 (git)
    Affected: a7fe4e5d06338e1a82b1977eca37400951f99730 (git)
    Affected: 3.2.87 , < 3.3 (semver)
    Affected: 3.10.106 , < 3.11 (semver)
    Affected: 3.12.71 , < 3.13 (semver)
    Affected: 3.16.42 , < 3.17 (semver)
    Affected: 3.18.49 , < 3.19 (semver)
    Affected: 4.4.50 , < 4.5 (semver)
    Affected: 4.9.11 , < 4.10 (semver)
    Linux Linux Affected: 4.10
    Unaffected: 0 , < 4.10 (semver)
    Unaffected: 4.19.306 , ≤ 4.19.* (semver)
    Unaffected: 5.4.268 , ≤ 5.4.* (semver)
    Unaffected: 5.10.209 , ≤ 5.10.* (semver)
    Unaffected: 5.15.148 , ≤ 5.15.* (semver)
    Unaffected: 6.1.75 , ≤ 6.1.* (semver)
    Unaffected: 6.6.14 , ≤ 6.6.* (semver)
    Unaffected: 6.7.2 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T19:01:45.822242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T17:13:27.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-20T13:06:42.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241220-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/ip6_tunnel.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "135414f300c5db995e2a2f3bf0f455de9d014aee",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "3f15ba3dc14e6ee002ea01b4faddc3d49200377c",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "da23bd709b46168f7dfc36055801011222b076cd",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "4329426cf6b8e22b798db2331c7ef1dd2a9c748d",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "62a1fedeb14c7ac0947ef33fadbabd35ed2400a2",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "687c5d52fe53e602e76826dbd4d7af412747e183",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "ba8d904c274268b18ef3dc11d3ca7b24a96cb087",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "d375b98e0248980681e5e56b712026174d617198",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "72bbf335e7aad09c88c50dbdd238f4faabd12174",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "decccc92ee0a978a1c268b5df16824cb6384ed3c",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "d397f7035d2c754781bbe93b07b94d8cd898620c",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "41e07a7e01d951cfd4c9a7dac90c921269d89513",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "a7fe4e5d06338e1a82b1977eca37400951f99730",
                  "versionType": "git"
                },
                {
                  "lessThan": "3.3",
                  "status": "affected",
                  "version": "3.2.87",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.11",
                  "status": "affected",
                  "version": "3.10.106",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.13",
                  "status": "affected",
                  "version": "3.12.71",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.17",
                  "status": "affected",
                  "version": "3.16.42",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.19",
                  "status": "affected",
                  "version": "3.18.49",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.5",
                  "status": "affected",
                  "version": "4.4.50",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.10",
                  "status": "affected",
                  "version": "4.9.11",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/ip6_tunnel.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "lessThan": "4.10",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.19.*",
                  "status": "unaffected",
                  "version": "4.19.306",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.*",
                  "status": "unaffected",
                  "version": "5.4.268",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.148",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.75",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.14",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.19.306",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.4.268",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.209",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.148",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.75",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.14",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.2",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.2.87",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.10.106",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.12.71",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.16.42",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.18.49",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.4.50",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.9.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()\n\nsyzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.\n\nReading frag_off can only be done if we pulled enough bytes\nto skb-\u003ehead. Currently we might access garbage.\n\n[1]\nBUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendmsg net/socket.c:2676 [inline]\n__se_sys_sendmsg net/socket.c:2674 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\ndo_syscall_x64 
arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\nslab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\nslab_alloc_node mm/slub.c:3478 [inline]\n__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n__do_kmalloc_node mm/slab_common.c:1006 [inline]\n__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027\nkmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\npskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098\n__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655\npskb_may_pull_reason include/linux/skbuff.h:2673 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\nip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 
net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendms\n---truncated---"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-23T15:36:13.795Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
            },
            {
              "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
            },
            {
              "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
            },
            {
              "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
            },
            {
              "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
            },
            {
              "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
            },
            {
              "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
            },
            {
              "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
            }
          ],
          "title": "ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26633",
        "datePublished": "2024-03-18T10:07:49.468Z",
        "dateReserved": "2024-02-19T14:20:24.136Z",
        "dateUpdated": "2026-05-23T15:36:13.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-52585 (GCVE-0-2023-52585)

    Vulnerability from nvd – Published: 2024-03-06 06:45 – Updated: 2026-05-11 19:29
    VLAI
    Title
    drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper(). Return the error code -EINVAL for an invalid block id. This fixes the warning below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 467139546f3fb93913de064461b1a43a212d7626 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 0eb296233f86750102aa43b97879b8d8311f249a (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 7e6d6f27522bcd037856234b720ff607b9c4a09b (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 92cb363d16ac1e41c9764cdb513d0e89a6ff4915 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < c364e7a34c85c2154fb2e47561965d5b5a0b69b1 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 195a6289282e039024ad30ba66e6f94a4d0fbe49 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < b8d55a90fd55b767c25687747e2b24abd1ef8680 (git)
    Linux Linux Affected: 4.2
    Unaffected: 0 , < 4.2 (semver)
    Unaffected: 5.4.277 , ≤ 5.4.* (semver)
    Unaffected: 5.10.218 , ≤ 5.10.* (semver)
    Unaffected: 5.15.160 , ≤ 5.15.* (semver)
    Unaffected: 6.1.92 , ≤ 6.1.* (semver)
    Unaffected: 6.6.32 , ≤ 6.6.* (semver)
    Unaffected: 6.7.4 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T15:58:01.323059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:09:44.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T16:02:56.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20240912-0009/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "467139546f3fb93913de064461b1a43a212d7626",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "0eb296233f86750102aa43b97879b8d8311f249a",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "7e6d6f27522bcd037856234b720ff607b9c4a09b",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "92cb363d16ac1e41c9764cdb513d0e89a6ff4915",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "c364e7a34c85c2154fb2e47561965d5b5a0b69b1",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "195a6289282e039024ad30ba66e6f94a4d0fbe49",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "b8d55a90fd55b767c25687747e2b24abd1ef8680",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "lessThan": "4.2",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.*",
                  "status": "unaffected",
                  "version": "5.4.277",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.218",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.160",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.32",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.4.277",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.218",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.160",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.92",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.32",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.4",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed \u0027info\u0027 could be null (see line 1176)"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T19:29:44.748Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"
            },
            {
              "url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"
            },
            {
              "url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"
            },
            {
              "url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"
            },
            {
              "url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"
            },
            {
              "url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"
            },
            {
              "url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"
            }
          ],
          "title": "drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2023-52585",
        "datePublished": "2024-03-06T06:45:20.389Z",
        "dateReserved": "2024-03-02T21:55:42.570Z",
        "dateUpdated": "2026-05-11T19:29:44.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26462 (GCVE-0-2024-26462)

    Vulnerability from nvd – Published: 2024-02-26 00:00 – Updated: 2025-03-25 20:05
    VLAI
    Summary
    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26462",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:04:17.090842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-401",
                    "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:05:04.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0012/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T15:06:05.191Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240415-0012/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-26462",
        "datePublished": "2024-02-26T00:00:00.000Z",
        "dateReserved": "2024-02-19T00:00:00.000Z",
        "dateUpdated": "2025-03-25T20:05:04.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26461 (GCVE-0-2024-26461)

    Vulnerability from nvd – Published: 2024-02-26 00:00 – Updated: 2024-08-14 15:15
    VLAI
    Summary
    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    mit kerberos_5 Affected: 1.21.2
        cpe:2.3:a:mit:kerberos_5:1.21.2:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0011/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mit:kerberos_5:1.21.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kerberos_5",
                "vendor": "mit",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.21.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26461",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T15:09:48.143388Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T15:15:42.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T15:06:17.596Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240415-0011/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-26461",
        "datePublished": "2024-02-26T00:00:00.000Z",
        "dateReserved": "2024-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-14T15:15:42.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26458 (GCVE-0-2024-26458)

    Vulnerability from nvd – Published: 2024-02-26 00:00 – Updated: 2024-12-06 21:01
    VLAI
    Summary
    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26458",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T20:47:58.786706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T21:01:53.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.467Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T15:06:14.610Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240415-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-26458",
        "datePublished": "2024-02-26T00:00:00.000Z",
        "dateReserved": "2024-02-19T00:00:00.000Z",
        "dateUpdated": "2024-12-06T21:01:53.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36879 (GCVE-0-2022-36879)

    Vulnerability from nvd – Published: 2022-07-27 03:27 – Updated: 2025-05-05 16:13
    VLAI
    Summary
    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • NVD-CWE-Other
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:14:29.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "name": "DSA-5207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5207"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:30.313688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "NVD-CWE-Other",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:13:47.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-02T18:06:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "name": "DSA-5207",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5207"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-36879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "DSA-5207",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5207"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220901-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
                },
                {
                  "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-36879",
        "datePublished": "2022-07-27T03:27:41.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:13:47.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2068 (GCVE-0-2022-2068)

    Vulnerability from nvd – Published: 2022-06-21 14:45 – Updated: 2025-12-30 04:55
    VLAI
    Title
    The c_rehash script allows command injection
    Summary
    In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: 3.0.0, 3.0.1, 3.0.2, 3.0.3 (fixed in OpenSSL 3.0.4)
    Affected: 1.1.1 through 1.1.1o (fixed in OpenSSL 1.1.1p)
    Affected: 1.0.2 through 1.0.2ze (fixed in OpenSSL 1.0.2zf)
    Date Public
    2022-06-21 00:00
    Credits
    Chancen (Qingteng 73lab)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:45:47.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220621.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
              },
              {
                "name": "DSA-5169",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5169"
              },
              {
                "name": "FEDORA-2022-3b7d0abd0b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
              },
              {
                "name": "FEDORA-2022-41890e9e44",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2068",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-07-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T04:55:27.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chancen (Qingteng 73lab)"
            }
          ],
          "datePublic": "2022-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-10T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220621.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
            },
            {
              "name": "DSA-5169",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5169"
            },
            {
              "name": "FEDORA-2022-3b7d0abd0b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
            },
            {
              "name": "FEDORA-2022-41890e9e44",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
            }
          ],
          "title": "The c_rehash script allows command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-2068",
        "datePublished": "2022-06-21T14:45:20.597Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2025-12-30T04:55:27.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0167 (GCVE-0-2025-0167)

    Vulnerability from cvelistv5 – Published: 2025-02-05 09:15 – Updated: 2025-03-07 00:10
    VLAI
    Title
    netrc and default credential leak
    Summary
    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Credits
    Yihang Zhou (finder), Daniel Stenberg (remediation developer)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0167",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T15:52:41.551530Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T14:48:00.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://curl.se/docs/CVE-2025-0167.html"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-07T00:10:48.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250306-0008/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Yihang Zhou"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-05T09:15:06.891Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2025-0167.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2025-0167.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2917232"
            }
          ],
          "title": "netrc and default credential leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2025-0167",
        "datePublished": "2025-02-05T09:15:06.891Z",
        "dateReserved": "2024-12-31T23:07:29.650Z",
        "dateUpdated": "2025-03-07T00:10:48.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11053 (GCVE-0-2024-11053)

    Vulnerability from cvelistv5 – Published: 2024-12-11 07:34 – Updated: 2025-11-03 20:36
    VLAI
    Title
    netrc and redirect credential leak
    Summary
    When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Affected: 7.10.5 , ≤ 7.10.5 (semver)
    Affected: 7.10.4 , ≤ 7.10.4 (semver)
    Affected: 7.10.3 , ≤ 7.10.3 (semver)
    Affected: 7.10.2 , ≤ 7.10.2 (semver)
    Affected: 7.10.1 , ≤ 7.10.1 (semver)
    Affected: 7.10 , ≤ 7.10 (semver)
    Affected: 7.9.8 , ≤ 7.9.8 (semver)
    Affected: 7.9.7 , ≤ 7.9.7 (semver)
    Affected: 7.9.6 , ≤ 7.9.6 (semver)
    Affected: 7.9.5 , ≤ 7.9.5 (semver)
    Affected: 7.9.4 , ≤ 7.9.4 (semver)
    Affected: 7.9.3 , ≤ 7.9.3 (semver)
    Affected: 7.9.2 , ≤ 7.9.2 (semver)
    Affected: 7.9.1 , ≤ 7.9.1 (semver)
    Affected: 7.9 , ≤ 7.9 (semver)
    Affected: 7.8.1 , ≤ 7.8.1 (semver)
    Affected: 7.8 , ≤ 7.8 (semver)
    Affected: 7.7.3 , ≤ 7.7.3 (semver)
    Affected: 7.7.2 , ≤ 7.7.2 (semver)
    Affected: 7.7.1 , ≤ 7.7.1 (semver)
    Affected: 7.7 , ≤ 7.7 (semver)
    Affected: 7.6.1 , ≤ 7.6.1 (semver)
    Affected: 7.6 , ≤ 7.6 (semver)
    Affected: 7.5.2 , ≤ 7.5.2 (semver)
    Affected: 7.5.1 , ≤ 7.5.1 (semver)
    Affected: 7.5 , ≤ 7.5 (semver)
    Affected: 7.4.2 , ≤ 7.4.2 (semver)
    Affected: 7.4.1 , ≤ 7.4.1 (semver)
    Affected: 7.4 , ≤ 7.4 (semver)
    Affected: 7.3 , ≤ 7.3 (semver)
    Affected: 7.2.1 , ≤ 7.2.1 (semver)
    Affected: 7.2 , ≤ 7.2 (semver)
    Affected: 7.1.1 , ≤ 7.1.1 (semver)
    Affected: 7.1 , ≤ 7.1 (semver)
    Affected: 6.5.2 , ≤ 6.5.2 (semver)
    Affected: 6.5.1 , ≤ 6.5.1 (semver)
    Affected: 6.5 , ≤ 6.5 (semver)
    Credits
    Harry Sintonen, Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:36:27.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250124-0012/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0003/"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11053",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-15T16:47:42.738403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-15T16:50:59.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.5",
                  "status": "affected",
                  "version": "7.10.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.4",
                  "status": "affected",
                  "version": "7.10.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.3",
                  "status": "affected",
                  "version": "7.10.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.2",
                  "status": "affected",
                  "version": "7.10.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.1",
                  "status": "affected",
                  "version": "7.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10",
                  "status": "affected",
                  "version": "7.10",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.8",
                  "status": "affected",
                  "version": "7.9.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.7",
                  "status": "affected",
                  "version": "7.9.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.6",
                  "status": "affected",
                  "version": "7.9.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.5",
                  "status": "affected",
                  "version": "7.9.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.4",
                  "status": "affected",
                  "version": "7.9.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.3",
                  "status": "affected",
                  "version": "7.9.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.2",
                  "status": "affected",
                  "version": "7.9.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.1",
                  "status": "affected",
                  "version": "7.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9",
                  "status": "affected",
                  "version": "7.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8.1",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8",
                  "status": "affected",
                  "version": "7.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.3",
                  "status": "affected",
                  "version": "7.7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.2",
                  "status": "affected",
                  "version": "7.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.1",
                  "status": "affected",
                  "version": "7.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7",
                  "status": "affected",
                  "version": "7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6",
                  "status": "affected",
                  "version": "7.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5.2",
                  "status": "affected",
                  "version": "7.5.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5.1",
                  "status": "affected",
                  "version": "7.5.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.5",
                  "status": "affected",
                  "version": "7.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4",
                  "status": "affected",
                  "version": "7.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3",
                  "status": "affected",
                  "version": "7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1",
                  "status": "affected",
                  "version": "7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.2",
                  "status": "affected",
                  "version": "6.5.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.1",
                  "status": "affected",
                  "version": "6.5.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5",
                  "status": "affected",
                  "version": "6.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Harry Sintonen"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-11T07:34:29.539Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2024-11053.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2024-11053.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2829063"
            }
          ],
          "title": "netrc and redirect credential leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2024-11053",
        "datePublished": "2024-12-11T07:34:29.539Z",
        "dateReserved": "2024-11-09T18:41:55.703Z",
        "dateUpdated": "2025-11-03T20:36:27.027Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33601 (GCVE-0-2024-33601)

    Vulnerability from cvelistv5 – Published: 2024-05-06 19:22 – Updated: 2026-05-12 11:51
    VLAI
    Title
    nscd: netgroup cache may terminate daemon on memory allocation failure
    Summary
    nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process due to a memory allocation failure, resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "glibc",
                "vendor": "gnu",
                "versions": [
                  {
                    "lessThan": "2.40",
                    "status": "affected",
                    "version": "2.15",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T17:26:01.322253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T13:55:13.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:36:04.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T11:51:47.108Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "glibc",
              "vendor": "The GNU C Library",
              "versions": [
                {
                  "lessThan": "2.40",
                  "status": "affected",
                  "version": "2.15",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients.  The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients.  The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-22T18:06:12.587Z",
            "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "shortName": "glibc"
          },
          "references": [
            {
              "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "nscd: netgroup cache may terminate daemon on memory allocation failure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "assignerShortName": "glibc",
        "cveId": "CVE-2024-33601",
        "datePublished": "2024-05-06T19:22:07.763Z",
        "dateReserved": "2024-04-24T20:35:08.340Z",
        "dateUpdated": "2026-05-12T11:51:47.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33600 (GCVE-0-2024-33600)

    Vulnerability from cvelistv5 – Published: 2024-05-06 19:22 – Updated: 2026-05-12 11:51
    VLAI
    Title
    nscd: Null pointer crashes after notfound response
    Summary
    nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T19:13:16.760599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:41:14.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:36:04.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T11:51:45.819Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "glibc",
              "vendor": "The GNU C Library",
              "versions": [
                {
                  "lessThan": "2.40",
                  "status": "affected",
                  "version": "2.15",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003enscd: Null pointer crashes after notfound response\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\u003cbr\u003enetgroup response to the cache, the client request can result in a null\u003cbr\u003epointer dereference.  This flaw was introduced in glibc 2.15 when the\u003cbr\u003ecache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference.  This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-22T18:06:08.949Z",
            "orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "shortName": "glibc"
          },
          "references": [
            {
              "url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "nscd: Null pointer crashes after notfound response",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
        "assignerShortName": "glibc",
        "cveId": "CVE-2024-33600",
        "datePublished": "2024-05-06T19:22:02.726Z",
        "dateReserved": "2024-04-24T20:35:08.340Z",
        "dateUpdated": "2026-05-12T11:51:45.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26735 (GCVE-0-2024-26735)

    Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-05-11 20:03
    VLAI
    Title
    ipv6: sr: fix possible use-after-free and null-ptr-deref
    Summary
    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref. The pernet operations structure for the subsystem must be registered before registering the generic netlink family.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 953f42934533c151f440cd32390044d2396b87aa (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 82831e3ff76ef09fb184eb93b79a3eb3fb284f1d (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 65c38f23d10ff79feea1e5d50b76dc7af383c1e6 (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 91b020aaa1e59bfb669d34c968e3db3d5416bcee (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 8391b9b651cfdf80ab0f1dc4a489f9d67386e197 (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 9e02973dbc6a91e40aa4f5d87b8c47446fbfce44 (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 02b08db594e8218cfbc0e4680d4331b457968a9b (git)
    Affected: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa , < 5559cea2d5aa3018a5f00dd2aca3427ba09b386b (git)
    Linux Linux Affected: 4.10
    Unaffected: 0 , < 4.10 (semver)
    Unaffected: 4.19.308 , ≤ 4.19.* (semver)
    Unaffected: 5.4.270 , ≤ 5.4.* (semver)
    Unaffected: 5.10.211 , ≤ 5.10.* (semver)
    Unaffected: 5.15.150 , ≤ 5.15.* (semver)
    Unaffected: 6.1.80 , ≤ 6.1.* (semver)
    Unaffected: 6.6.19 , ≤ 6.6.* (semver)
    Unaffected: 6.7.7 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26735",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T14:17:44.078376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:01:54.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-01T17:03:12.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241101-0012/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/seg6.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "953f42934533c151f440cd32390044d2396b87aa",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "82831e3ff76ef09fb184eb93b79a3eb3fb284f1d",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "65c38f23d10ff79feea1e5d50b76dc7af383c1e6",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "91b020aaa1e59bfb669d34c968e3db3d5416bcee",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "8391b9b651cfdf80ab0f1dc4a489f9d67386e197",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "9e02973dbc6a91e40aa4f5d87b8c47446fbfce44",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "02b08db594e8218cfbc0e4680d4331b457968a9b",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                },
                {
                  "lessThan": "5559cea2d5aa3018a5f00dd2aca3427ba09b386b",
                  "status": "affected",
                  "version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/seg6.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "lessThan": "4.10",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.19.*",
                  "status": "unaffected",
                  "version": "4.19.308",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.*",
                  "status": "unaffected",
                  "version": "5.4.270",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.211",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.150",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.80",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.19",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.19.308",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.4.270",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.211",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.150",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.80",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.19",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.7",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:03:08.357Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
            },
            {
              "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
            },
            {
              "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
            },
            {
              "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
            },
            {
              "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
            },
            {
              "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
            },
            {
              "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
            },
            {
              "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
            }
          ],
          "title": "ipv6: sr: fix possible use-after-free and null-ptr-deref",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26735",
        "datePublished": "2024-04-03T17:00:21.972Z",
        "dateReserved": "2024-02-19T14:20:24.165Z",
        "dateUpdated": "2026-05-11T20:03:08.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26733 (GCVE-0-2024-26733)

    Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2026-05-11 20:03
    VLAI
    Title
    arp: Prevent overflow in arp_req_get().
    Summary
    In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) 
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 97eaa2955db4120ce6ec2ef123e860bc32232c50 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f119f2325ba70cbfdec701000dcad4d88805d5b0 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a3f2c083cb575d80a7627baf3339e78fedccbb91 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a7d6027790acea24446ddd6632d394096c0f4667 (git)
    Linux Linux Affected: 2.6.12
    Unaffected: 0 , < 2.6.12 (semver)
    Unaffected: 5.10.211 , ≤ 5.10.* (semver)
    Unaffected: 5.15.150 , ≤ 5.15.* (semver)
    Unaffected: 6.1.80 , ≤ 6.1.* (semver)
    Unaffected: 6.6.19 , ≤ 6.6.* (semver)
    Unaffected: 6.7.7 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-11-01T17:03:11.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241101-0013/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26733",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T15:52:00.464269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T17:33:20.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "97eaa2955db4120ce6ec2ef123e860bc32232c50",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "f119f2325ba70cbfdec701000dcad4d88805d5b0",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a3f2c083cb575d80a7627baf3339e78fedccbb91",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "a7d6027790acea24446ddd6632d394096c0f4667",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv4/arp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.12"
                },
                {
                  "lessThan": "2.6.12",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.211",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.150",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.80",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.19",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.211",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.150",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.80",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.19",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.7",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh-\u003eha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags.  We initialise the field just after the memcpy(), so it\u0027s\nnot a problem.\n\nHowever, when dev-\u003eaddr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let\u0027s limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r-\u003earp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb \u003c0f\u003e 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS:  00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n \u003c/TASK\u003e"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T20:03:05.779Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587"
            },
            {
              "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50"
            },
            {
              "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0"
            },
            {
              "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91"
            },
            {
              "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a"
            },
            {
              "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667"
            }
          ],
          "title": "arp: Prevent overflow in arp_req_get().",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26733",
        "datePublished": "2024-04-03T17:00:20.437Z",
        "dateReserved": "2024-02-19T14:20:24.165Z",
        "dateUpdated": "2026-05-11T20:03:05.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-2379 (GCVE-0-2024-2379)

    Vulnerability from cvelistv5 – Published: 2024-03-27 07:56 – Updated: 2025-02-13 17:39
    VLAI
    Title
    QUIC certificate check bypass with wolfSSL
    Summary
    libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Credits
    Dexter Gerig Daniel Stenberg

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "json",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2379.json"
              },
              {
                "name": "www",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2379.html"
              },
              {
                "name": "issue",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2410774"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/27/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240531-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214119"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214118"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:42:40.991655Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T19:51:37.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dexter Gerig"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T22:06:15.682Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2024-2379.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2024-2379.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2410774"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/03/27/2"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240531-0001/"
            },
            {
              "url": "https://support.apple.com/kb/HT214119"
            },
            {
              "url": "https://support.apple.com/kb/HT214118"
            },
            {
              "url": "https://support.apple.com/kb/HT214120"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
            }
          ],
          "title": "QUIC certificate check bypass with wolfSSL"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2024-2379",
        "datePublished": "2024-03-27T07:56:41.158Z",
        "dateReserved": "2024-03-11T14:39:01.543Z",
        "dateUpdated": "2025-02-13T17:39:51.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2398 (GCVE-0-2024-2398)

    Vulnerability from cvelistv5 – Published: 2024-03-27 07:55 – Updated: 2025-02-13 17:40
    VLAI
    Title
    HTTP/2 push headers memory-leak
    Summary
    When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    curl curl Affected: 7.44.0 , ≤ 8.6.0 (custom)
        cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*
    Credits
    w0x42 on hackerone Stefan Eissing

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "curl",
                "vendor": "curl",
                "versions": [
                  {
                    "lessThanOrEqual": "8.6.0",
                    "status": "affected",
                    "version": "7.44.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T18:57:39.256472Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:30:40.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "json",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2398.json"
              },
              {
                "name": "www",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://curl.se/docs/CVE-2024-2398.html"
              },
              {
                "name": "issue",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/2402845"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/27/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240503-0009/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214119"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214118"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "w0x42 on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-29T22:06:29.645Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2024-2398.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2024-2398.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/2402845"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/03/27/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240503-0009/"
            },
            {
              "url": "https://support.apple.com/kb/HT214119"
            },
            {
              "url": "https://support.apple.com/kb/HT214118"
            },
            {
              "url": "https://support.apple.com/kb/HT214120"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
            }
          ],
          "title": "HTTP/2 push headers memory-leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2024-2398",
        "datePublished": "2024-03-27T07:55:48.524Z",
        "dateReserved": "2024-03-12T10:59:22.660Z",
        "dateUpdated": "2025-02-13T17:40:07.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26633 (GCVE-0-2024-26633)

    Vulnerability from cvelistv5 – Published: 2024-03-18 10:07 – Updated: 2026-05-23 15:36
    VLAI
    Title
    ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 
entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendms 
---truncated---
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 135414f300c5db995e2a2f3bf0f455de9d014aee (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 3f15ba3dc14e6ee002ea01b4faddc3d49200377c (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < da23bd709b46168f7dfc36055801011222b076cd (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 4329426cf6b8e22b798db2331c7ef1dd2a9c748d (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 62a1fedeb14c7ac0947ef33fadbabd35ed2400a2 (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < 687c5d52fe53e602e76826dbd4d7af412747e183 (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < ba8d904c274268b18ef3dc11d3ca7b24a96cb087 (git)
    Affected: fbfa743a9d2a0ffa24251764f10afc13eb21e739 , < d375b98e0248980681e5e56b712026174d617198 (git)
    Affected: a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694 (git)
    Affected: 72bbf335e7aad09c88c50dbdd238f4faabd12174 (git)
    Affected: decccc92ee0a978a1c268b5df16824cb6384ed3c (git)
    Affected: d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25 (git)
    Affected: d397f7035d2c754781bbe93b07b94d8cd898620c (git)
    Affected: 41e07a7e01d951cfd4c9a7dac90c921269d89513 (git)
    Affected: a7fe4e5d06338e1a82b1977eca37400951f99730 (git)
    Affected: 3.2.87 , < 3.3 (semver)
    Affected: 3.10.106 , < 3.11 (semver)
    Affected: 3.12.71 , < 3.13 (semver)
    Affected: 3.16.42 , < 3.17 (semver)
    Affected: 3.18.49 , < 3.19 (semver)
    Affected: 4.4.50 , < 4.5 (semver)
    Affected: 4.9.11 , < 4.10 (semver)
    Linux Linux Affected: 4.10
    Unaffected: 0 , < 4.10 (semver)
    Unaffected: 4.19.306 , ≤ 4.19.* (semver)
    Unaffected: 5.4.268 , ≤ 5.4.* (semver)
    Unaffected: 5.10.209 , ≤ 5.10.* (semver)
    Unaffected: 5.15.148 , ≤ 5.15.* (semver)
    Unaffected: 6.1.75 , ≤ 6.1.* (semver)
    Unaffected: 6.6.14 , ≤ 6.6.* (semver)
    Unaffected: 6.7.2 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-18T19:01:45.822242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T17:13:27.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-20T13:06:42.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241220-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/ip6_tunnel.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "135414f300c5db995e2a2f3bf0f455de9d014aee",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "3f15ba3dc14e6ee002ea01b4faddc3d49200377c",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "da23bd709b46168f7dfc36055801011222b076cd",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "4329426cf6b8e22b798db2331c7ef1dd2a9c748d",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "62a1fedeb14c7ac0947ef33fadbabd35ed2400a2",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "687c5d52fe53e602e76826dbd4d7af412747e183",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "ba8d904c274268b18ef3dc11d3ca7b24a96cb087",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "lessThan": "d375b98e0248980681e5e56b712026174d617198",
                  "status": "affected",
                  "version": "fbfa743a9d2a0ffa24251764f10afc13eb21e739",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "a6f6bb6bc04a5f88a31f47a6123d3fbf5ee8d694",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "72bbf335e7aad09c88c50dbdd238f4faabd12174",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "decccc92ee0a978a1c268b5df16824cb6384ed3c",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "d3d9b59ab32160e3cc4edcf7e5fa7cecb53a7d25",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "d397f7035d2c754781bbe93b07b94d8cd898620c",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "41e07a7e01d951cfd4c9a7dac90c921269d89513",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "a7fe4e5d06338e1a82b1977eca37400951f99730",
                  "versionType": "git"
                },
                {
                  "lessThan": "3.3",
                  "status": "affected",
                  "version": "3.2.87",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.11",
                  "status": "affected",
                  "version": "3.10.106",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.13",
                  "status": "affected",
                  "version": "3.12.71",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.17",
                  "status": "affected",
                  "version": "3.16.42",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.19",
                  "status": "affected",
                  "version": "3.18.49",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.5",
                  "status": "affected",
                  "version": "4.4.50",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.10",
                  "status": "affected",
                  "version": "4.9.11",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/ipv6/ip6_tunnel.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "lessThan": "4.10",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.19.*",
                  "status": "unaffected",
                  "version": "4.19.306",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.*",
                  "status": "unaffected",
                  "version": "5.4.268",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.148",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.75",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.14",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.19.306",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.4.268",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.209",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.148",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.75",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.14",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.2",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "4.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.2.87",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.10.106",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.12.71",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.16.42",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "3.18.49",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.4.50",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "4.9.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()\n\nsyzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.\n\nReading frag_off can only be done if we pulled enough bytes\nto skb-\u003ehead. Currently we might access garbage.\n\n[1]\nBUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendmsg net/socket.c:2676 [inline]\n__se_sys_sendmsg net/socket.c:2674 [inline]\n__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\ndo_syscall_x64 
arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\nslab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\nslab_alloc_node mm/slub.c:3478 [inline]\n__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n__do_kmalloc_node mm/slab_common.c:1006 [inline]\n__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027\nkmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\npskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098\n__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655\npskb_may_pull_reason include/linux/skbuff.h:2673 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\nip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408\nipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]\nip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432\n__netdev_start_xmit include/linux/netdevice.h:4940 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4954 [inline]\nxmit_one net/core/dev.c:3548 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\nneigh_connected_output+0x569/0x660 net/core/neighbour.c:1592\nneigh_output include/net/neighbour.h:542 [inline]\nip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137\nip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222\nNF_HOOK_COND include/linux/netfilter.h:303 [inline]\nip6_output+0x323/0x610 net/ipv6/ip6_output.c:243\ndst_output include/net/dst.h:451 [inline]\nip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155\nip6_send_skb net/ipv6/ip6_output.c:1952 [inline]\nip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972\nrawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582\nrawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920\ninet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg net/socket.c:745 [inline]\n____sys_sendmsg+0x9c2/0xd60 
net/socket.c:2584\n___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n__sys_sendmsg net/socket.c:2667 [inline]\n__do_sys_sendms\n---truncated---"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-23T15:36:13.795Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee"
            },
            {
              "url": "https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c"
            },
            {
              "url": "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"
            },
            {
              "url": "https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d"
            },
            {
              "url": "https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2"
            },
            {
              "url": "https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183"
            },
            {
              "url": "https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087"
            },
            {
              "url": "https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198"
            }
          ],
          "title": "ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2024-26633",
        "datePublished": "2024-03-18T10:07:49.468Z",
        "dateReserved": "2024-02-19T14:20:24.136Z",
        "dateUpdated": "2026-05-23T15:36:13.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-52585 (GCVE-0-2023-52585)

    Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-05-11 19:29
    Title
    drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper(). Return the error code -EINVAL for an invalid block id. Fixes the following: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 467139546f3fb93913de064461b1a43a212d7626 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 0eb296233f86750102aa43b97879b8d8311f249a (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 7e6d6f27522bcd037856234b720ff607b9c4a09b (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 92cb363d16ac1e41c9764cdb513d0e89a6ff4915 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < c364e7a34c85c2154fb2e47561965d5b5a0b69b1 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 195a6289282e039024ad30ba66e6f94a4d0fbe49 (git)
    Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < b8d55a90fd55b767c25687747e2b24abd1ef8680 (git)
    Linux Linux Affected: 4.2
    Unaffected: 0 , < 4.2 (semver)
    Unaffected: 5.4.277 , ≤ 5.4.* (semver)
    Unaffected: 5.10.218 , ≤ 5.10.* (semver)
    Unaffected: 5.15.160 , ≤ 5.15.* (semver)
    Unaffected: 6.1.92 , ≤ 6.1.* (semver)
    Unaffected: 6.6.32 , ≤ 6.6.* (semver)
    Unaffected: 6.7.4 , ≤ 6.7.* (semver)
    Unaffected: 6.8 , ≤ * (original_commit_for_fix)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-52585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T15:58:01.323059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:09:44.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T16:02:56.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20240912-0009/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "467139546f3fb93913de064461b1a43a212d7626",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "0eb296233f86750102aa43b97879b8d8311f249a",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "7e6d6f27522bcd037856234b720ff607b9c4a09b",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "92cb363d16ac1e41c9764cdb513d0e89a6ff4915",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "c364e7a34c85c2154fb2e47561965d5b5a0b69b1",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "195a6289282e039024ad30ba66e6f94a4d0fbe49",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                },
                {
                  "lessThan": "b8d55a90fd55b767c25687747e2b24abd1ef8680",
                  "status": "affected",
                  "version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "lessThan": "4.2",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.*",
                  "status": "unaffected",
                  "version": "5.4.277",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.218",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.160",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.32",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.*",
                  "status": "unaffected",
                  "version": "6.7.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "6.8",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.4.277",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.218",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.160",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.92",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.32",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.4",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8",
                      "versionStartIncluding": "4.2",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed \u0027info\u0027 could be null (see line 1176)"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T19:29:44.748Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"
            },
            {
              "url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"
            },
            {
              "url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"
            },
            {
              "url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"
            },
            {
              "url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"
            },
            {
              "url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49"
            },
            {
              "url": "https://git.kernel.org/stable/c/b8d55a90fd55b767c25687747e2b24abd1ef8680"
            }
          ],
          "title": "drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2023-52585",
        "datePublished": "2024-03-06T06:45:20.389Z",
        "dateReserved": "2024-03-02T21:55:42.570Z",
        "dateUpdated": "2026-05-11T19:29:44.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-26458 (GCVE-0-2024-26458)

    Vulnerability from cvelistv5 – Published: 2024-02-26 00:00 – Updated: 2024-12-06 21:01
    Summary
    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26458",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T20:47:58.786706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T21:01:53.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.467Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T15:06:14.610Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240415-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-26458",
        "datePublished": "2024-02-26T00:00:00.000Z",
        "dateReserved": "2024-02-19T00:00:00.000Z",
        "dateUpdated": "2024-12-06T21:01:53.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26461 (GCVE-0-2024-26461)

    Vulnerability from cvelistv5 – Published: 2024-02-26 00:00 – Updated: 2024-08-14 15:15
    VLAI
    Summary
    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    mit kerberos_5 Affected: 1.21.2
        cpe:2.3:a:mit:kerberos_5:1.21.2:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0011/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mit:kerberos_5:1.21.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "kerberos_5",
                "vendor": "mit",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.21.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26461",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T15:09:48.143388Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T15:15:42.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T15:06:17.596Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240415-0011/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-26461",
        "datePublished": "2024-02-26T00:00:00.000Z",
        "dateReserved": "2024-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-14T15:15:42.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-26462 (GCVE-0-2024-26462)

    Vulnerability from cvelistv5 – Published: 2024-02-26 00:00 – Updated: 2025-03-25 20:05
    VLAI
    Summary
    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-26462",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:04:17.090842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-401",
                    "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:05:04.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:07:19.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240415-0012/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T15:06:05.191Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240415-0012/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-26462",
        "datePublished": "2024-02-26T00:00:00.000Z",
        "dateReserved": "2024-02-19T00:00:00.000Z",
        "dateUpdated": "2025-03-25T20:05:04.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36879 (GCVE-0-2022-36879)

    Vulnerability from cvelistv5 – Published: 2022-07-27 03:27 – Updated: 2025-05-05 16:13
    VLAI
    Summary
    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • NVD-CWE-Other
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:14:29.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
              },
              {
                "name": "DSA-5207",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5207"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:30.313688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "NVD-CWE-Other",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:13:47.182Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-02T18:06:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
            },
            {
              "name": "DSA-5207",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5207"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-36879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901"
                },
                {
                  "name": "DSA-5207",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5207"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220901-0007/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220901-0007/"
                },
                {
                  "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-36879",
        "datePublished": "2022-07-27T03:27:41.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:13:47.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2068 (GCVE-0-2022-2068)

    Vulnerability from cvelistv5 – Published: 2022-06-21 14:45 – Updated: 2025-12-30 04:55
    VLAI
    Title
    The c_rehash script allows command injection
    Summary
    In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenSSL OpenSSL Affected: Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)
    Affected: Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)
    Affected: Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)
    Date Public
    2022-06-21 00:00
    Credits
    Chancen (Qingteng 73lab)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:45:47.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20220621.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
              },
              {
                "name": "DSA-5169",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5169"
              },
              {
                "name": "FEDORA-2022-3b7d0abd0b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
              },
              {
                "name": "FEDORA-2022-41890e9e44",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2068",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-07-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T04:55:27.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenSSL",
              "vendor": "OpenSSL",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)"
                },
                {
                  "status": "affected",
                  "version": "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chancen (Qingteng 73lab)"
            }
          ],
          "datePublic": "2022-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "lang": "eng",
                  "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
                  "value": "Moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-10T00:00:00.000Z",
            "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            "shortName": "openssl"
          },
          "references": [
            {
              "url": "https://www.openssl.org/news/secadv/20220621.txt"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
            },
            {
              "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
            },
            {
              "name": "DSA-5169",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5169"
            },
            {
              "name": "FEDORA-2022-3b7d0abd0b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
            },
            {
              "name": "FEDORA-2022-41890e9e44",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
            }
          ],
          "title": "The c_rehash script allows command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "assignerShortName": "openssl",
        "cveId": "CVE-2022-2068",
        "datePublished": "2022-06-21T14:45:20.597Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2025-12-30T04:55:27.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }