Vulnerability details: VCID-k66x-9gtj-j7bp
Vulnerability ID VCID-k66x-9gtj-j7bp
Aliases CVE-2024-9681
Summary When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS, use URLs with the insecure `HTTP://` scheme, and perform transfers with hosts like `x.example.com` as well as `example.com`, where the first host is a subdomain of the second. (The HSTS cache either needs to have been populated manually or there need to have been previous HTTPS accesses, as the cache must hold entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what the origin server asked for. If `example.com`, for example, stops supporting HTTPS at its expiry time, curl might then fail to access `http://example.com` until the (wrongly set) timeout expires. This bug can also expire the parent's entry *earlier*, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Weaknesses (2)
System Score Found at
cvssv3 3.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json
epss 0.00357 https://api.first.org/data/v1/epss?cve=CVE-2024-9681
epss 0.00363 https://api.first.org/data/v1/epss?cve=CVE-2024-9681
epss 0.00404 https://api.first.org/data/v1/epss?cve=CVE-2024-9681
epss 0.00473 https://api.first.org/data/v1/epss?cve=CVE-2024-9681
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2024-9681
cvssv3.1 5.9 https://curl.se/docs/CVE-2024-9681.html
cvssv3.1 Low https://curl.se/docs/CVE-2024-9681.html
ssvc Track https://curl.se/docs/CVE-2024-9681.html
cvssv3.1 5.9 https://curl.se/docs/CVE-2024-9681.json
ssvc Track https://curl.se/docs/CVE-2024-9681.json
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.9 https://hackerone.com/reports/2764830
ssvc Track https://hackerone.com/reports/2764830
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-9681
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://curl.se/docs/CVE-2024-9681.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/ Found at https://curl.se/docs/CVE-2024-9681.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://curl.se/docs/CVE-2024-9681.json
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/ Found at https://curl.se/docs/CVE-2024-9681.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://hackerone.com/reports/2764830
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/ Found at https://hackerone.com/reports/2764830
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-9681
Exploit Prediction Scoring System (EPSS)
Percentile 0.57273
EPSS Score 0.00357
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:37:24.744993+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.22/main.json 37.0.0