Multiple CURL vulnerabilities in Brocade SANnav OVA deployments before SANnav 2.3.1b
25405
13 February 2025
13 February 2025
CLOSED
MEDIUM
Varies
CVE-2024-2398, CVE-2024-2466, CVE-2024-2004, CVE-2024-0853
|
Brocade Security Advisory ID |
BSA-2025-2578 |
|
Component |
Curl |
|
|
|
Summary
Multiple CURL vulnerabilities
- Curl 7.44.0 < 8.7.0 vulnerabilities CVE-2024-2398, CVE-2024-2466, CVE-2024-2004 & CVE-2024-0853
- Curl 7.44.0 < 8.7.0 HTTP/2 Push Headers Memory-leak (CVE-2024-2398)
- Curl 7.85.0 < 8.7.0 Input Misinterpretation (CVE-2024-2004)
- Curl 7.85.0 < 8.7.0 Input Misinterpretation (CVE-2024-2004)
- Curl 8.5.0 < 8.6.0 Security Bypass (CVE-2024-0853)
Products Affected
Brocade SANnav OVA versions before 2.3.1b
Products Not Affected
Brocade FabricOS
- CVE-2024-2398
[VEX Justification: Inline_mitigations_already_exist] - CVE-2024-2466, CVE-2024-2004 and CVE-2024-0853
[VEX Justification: Code_not_present]
Brocade ASCG
[VEX Justification: Component_not_present]
Solution
Security update provided in SANnav 2.3.1b and 2.4.0
SANnav OVA Security update also provided in the sannav_ova_8x_os_12_2024 OVA patch which can be applied to SANnav 2.3.0, 2.3.0a, 2.3.1 and 2.3.1a OVA deployments
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
February 13, 2025 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.