what is the schedule for patching: CVE-2024-2398

Malik 25 Reputation points
2024-05-15T13:00:43+00:00

Hi, we would like to know. what is the schedule or ETA patching: CVE-2024-2398 

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
{count} votes

1 answer

Sort by: Most helpful
  1. Wesley Li 11,275 Reputation points
    2024-05-15T17:16:01.6466667+00:00

    Hello

    The vulnerability identified as CVE-2024-2398 is related to the curl project and is specifically about a memory leak issue with HTTP/2 push headers. This issue was reported to the curl project on March 5, 2024.

    The recommended solutions for this vulnerability are:

    Upgrade curl to version 8.7.0

    Apply the patch to your local version

    Make sure HTTP/2 push is not used

    The curl project released version 8.7.0, which includes the fix for this vulnerability, on March 27, 2024. Therefore, if you’re using a version of curl between 7.44.0 and 8.6.0, it’s recommended to upgrade to version 8.7.0 or later.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.