curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

CVE-2024-7264

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Zac Todd via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 29 Jan 2025 15:06:07 +1100

Hey all,

I've recently had CVE-2024-7264 popping up in CrowdStrike as an open
vulnerability, for a little context I have had very little to do with
this curl stuff.
I found this reddit post that was talking about it recently and was
going to modify the scripts seatec-astonomy linked to remediate the
vuln - https://www.reddit.com/r/sysadmin/comments/1hx9eib/libcurl_vulnerability_in_office_and_teams/?rdt=37291&sort=new

Is simply having the affected version of the libcurl.dll file enough
to make a computer vulnerable or does it also require the specific
backend before it is a problem?

If it does require a specific backend, how can I determine if that
backend is being used in order to remediate the threats?

I appreciate any assistance that can be provided.

Cheers,
Zac

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Received on 2025-01-29

This message: [ Message body ]
Next message: Daniel Stenberg via curl-library: "Re: CVE-2024-7264"
Previous message: Daniel Stenberg via curl-library: "Re: Libcurl and WebSockets"
Next in thread: Daniel Stenberg via curl-library: "Re: CVE-2024-7264"
Reply: Daniel Stenberg via curl-library: "Re: CVE-2024-7264"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]