CVE-2024-2398 is a memory leak vulnerability in libcurl that occurs when HTTP/2 server push is enabled and the received headers exceed libcurl's maximum of 1000 headers. When libcurl aborts the server push under this condition, it fails to free all previously allocated headers, resulting in memory leakage. The abort is silent, so applications have no error to act on and the leak is difficult to detect. The vulnerability w [truncated]
libcurl, when built with wolfSSL, contains a flaw in its QUIC connection handling where certificate verification is incorrectly skipped under specific error conditions. If an application requests an unknown or unsupported cipher or curve, the resulting error path skips certificate validation and returns a success status, so certificate problems on that path go unreported. This vulnerability affects Siem [truncated]
CVE-2024-2004 is a protocol selection logic flaw in curl that affects Siemens SINEC NMS. When the `--proto` option is used to disable all protocols without subsequently enabling any, the default protocol set incorrectly remains in the allowed set due to an error in the removal logic. This could allow a request to proceed using a protocol that was explicitly disabled, such as plaintext HTTP. The vulnerabil [truncated]
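The protocol-selection flaw described above, as an added example that is a simplified model and not curl's own code: a `--proto`-style spec is applied to an assumed default set, and the modelled fallback (reinstating the defaults when the result is empty) is shown beside the corrected behaviour. Protocol names and the default set are assumptions chosen for illustration.

```python
# Simplified model of --proto handling (assumed sets; not curl's implementation).
DEFAULT_PROTOCOLS = frozenset({"http", "https", "ftp", "ftps"})
ALL_PROTOCOLS = frozenset({"http", "https", "ftp", "ftps", "sftp", "scp", "file"})


def parse_proto(spec, use_buggy_fallback=False):
    """Apply a comma-separated spec such as "-all,-http", "=https" or "+ftp".

    Tokens: '+name' allows, '-name' denies, '=name' replaces the set;
    a bare name behaves like '+name'; 'all' expands to every protocol.
    """
    allowed = set(DEFAULT_PROTOCOLS)
    for token in spec.split(","):
        token = token.strip().lower()
        if not token:
            continue
        if token[0] in "+-=":
            op, name = token[0], token[1:]
        else:
            op, name = "+", token
        names = set(ALL_PROTOCOLS) if name == "all" else {name}
        if op == "=":
            allowed = set(names)
        elif op == "+":
            allowed |= names
        else:
            allowed -= names
    if use_buggy_fallback and not allowed:
        # Modelled flaw: an empty result is mistaken for "nothing selected" and
        # the default set is reinstated, so explicitly denied protocols return.
        allowed = set(DEFAULT_PROTOCOLS)
    return frozenset(allowed)


def scheme_allowed(spec, scheme, use_buggy_fallback=False):
    """Defender's check: would a request with this scheme be permitted?"""
    return scheme.lower() in parse_proto(spec, use_buggy_fallback)


if __name__ == "__main__":
    for spec in ("-all,-http", "=https", "-all,+https"):
        print(spec, "buggy:", sorted(parse_proto(spec, True)),
              "fixed:", sorted(parse_proto(spec, False)))
```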