cve 2024 2398

CVE-2024-2398 is a memory leak vulnerability in the curl library affecting HTTP/2 server push. When a pushed stream exceeds libcurl's header limit and is aborted, previously allocated header memory is not freed, potentially leaking multiple megabytes per response. The leak occurs silently unless the application monitors memory usage. Microsoft's advisory confirms that Azure Linux includes an affected libcurl variant and is therefore potentially impacted. Discussions on WindowsForum cover the technical details of the bug, its exploitation risk, and mitigation steps such as updating curl or disabling HTTP/2 push. The tag aggregates threads about this specific CVE, its implications for enterprise environments, and related security updates.