Search for vulnerabilities
Vulnerability details: VCID-1ard-hhvx-aaab
Vulnerability ID VCID-1ard-hhvx-aaab
Aliases CVE-2024-2004
Summary When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-115 Misinterpretation of Input
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00465 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00465 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00465 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00617 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00617 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00617 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00832 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00832 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.00832 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.01471 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
epss 0.02837 https://api.first.org/data/v1/epss?cve=CVE-2024-2004
cvssv3.1 Low https://curl.se/docs/CVE-2024-2004.html
cvssv3.1 3.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json
https://api.first.org/data/v1/epss?cve=CVE-2024-2004
https://curl.se/docs/CVE-2024-2004.html
https://curl.se/docs/CVE-2024-2004.json
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/2384833
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/
https://security.netapp.com/advisory/ntap-20240524-0006/
https://support.apple.com/kb/HT214118
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
http://www.openwall.com/lists/oss-security/2024/03/27/1
2270500 https://bugzilla.redhat.com/show_bug.cgi?id=2270500
CVE-2024-2004 https://nvd.nist.gov/vuln/detail/CVE-2024-2004
GLSA-202409-20 https://security.gentoo.org/glsa/202409-20
RHSA-2024:2693 https://access.redhat.com/errata/RHSA-2024:2693
RHSA-2024:2694 https://access.redhat.com/errata/RHSA-2024:2694
USN-6718-1 https://usn.ubuntu.com/6718-1/
USN-6718-3 https://usn.ubuntu.com/6718-3/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.18115
EPSS Score 0.00046
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:12.354554+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-2004 34.0.0rc4