SB2024111840 - Ubuntu update for curl
Published: November 18, 2024
Description
This security bulletin contains information about 1 security vulnerability.
1) Comparison using wrong factors (CVE-ID: CVE-2024-9681)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to an error in the HSTS cache implementation. When curl is asked to use HSTS, the expiry time for a subdomain can overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This can make a website unavailable or cause the client to switch from HTTPS to HTTP earlier than intended.
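The cache behaviour described above, as an added example that is not curl's source code: a simplified model of an HSTS cache in which a subdomain's header either overwrites the parent's expiry or gets its own entry. The struct and function names, the host names and the time values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified HSTS cache model (assumption: not curl's real data structures). */
struct hsts_entry { const char *host; int include_sub; long expires; };
struct hsts_cache { struct hsts_entry e[8]; int n; };

/* Find the entry covering `host`: an exact match, or, when tail_ok is set,
   a parent entry that was stored with includeSubDomains. */
static struct hsts_entry *hsts_find(struct hsts_cache *c, const char *host, int tail_ok)
{
  size_t hlen = strlen(host);
  for (int i = 0; i < c->n; i++) {
    struct hsts_entry *s = &c->e[i];
    size_t slen = strlen(s->host);
    if (strcasecmp(host, s->host) == 0)
      return s;
    if (tail_ok && s->include_sub && hlen > slen &&
        host[hlen - slen - 1] == '.' && strcasecmp(host + hlen - slen, s->host) == 0)
      return s;
  }
  return NULL;
}

/* Record an HSTS header from `host`. exact_only = 0 models the flaw: the
   lookup may return the parent's entry, whose expiry is then overwritten.
   exact_only = 1 updates only an entry stored for this exact host name. */
static void hsts_store(struct hsts_cache *c, const char *host,
                       int include_sub, long expires, int exact_only)
{
  struct hsts_entry *s = hsts_find(c, host, !exact_only);
  if (s)
    s->expires = expires;
  else if (c->n < 8)
    c->e[c->n++] = (struct hsts_entry){ host, include_sub, expires };
}

/* Constructed scenario: example.com sets a one-year policy, then
   x.example.com sends a 60 s one. Is example.com still HTTPS-only at t=3600? */
static int parent_protected_after_hour(int exact_only)
{
  struct hsts_cache c = { .n = 0 };
  hsts_store(&c, "example.com", 1, 31536000L, exact_only);
  hsts_store(&c, "x.example.com", 0, 60L, exact_only);
  struct hsts_entry *p = hsts_find(&c, "example.com", 1);
  return p && p->expires > 3600L;
}

int main(void) { printf("flawed=%d exact=%d\n", parent_protected_after_hour(0), parent_protected_after_hour(1)); return 0; }
```

In the flawed mode the parent's policy lapses after 60 seconds, which is the window in which a plain HTTP request to the parent domain is no longer upgraded.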
Remediation
Install update from vendor's website.