Hello
The vulnerability identified as CVE-2024-2398 is related to the curl project and is specifically about a memory leak issue with HTTP/2 push headers. This issue was reported to the curl project on March 5, 2024.
The recommended solutions for this vulnerability are:
Upgrade curl to version 8.7.0
Apply the patch to your local version
Make sure HTTP/2 push is not used
The curl project released version 8.7.0, which includes the fix for this vulnerability, on March 27, 2024. Therefore, if you’re using a version of curl between 7.44.0 and 8.6.0, it’s recommended to upgrade to version 8.7.0 or later.