CVE-2024-9681

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Nov 6, 2024

Summary

CVE-2024-9681 is a vulnerability in curl's handling of the HSTS (HTTP Strict Transport Security) cache that can make a cached entry expire earlier or later than the origin server asked for. When a subdomain such as x.example.com returns a Strict-Transport-Security header, curl looks up the existing cache entry for that host with subdomain matching, so an entry for the parent domain example.com (one recorded with includeSubDomains) can be found instead, and the parent entry's expiry is then overwritten with the subdomain's max-age. As a result, plain http:// requests to example.com are upgraded to https:// for a different period than intended. If the entry is extended and example.com later stops serving HTTPS, curl cannot reach http://example.com until the wrongly set expiry passes; if the entry is shortened, curl silently falls back to insecure HTTP earlier than the origin intended. Triggering the bug requires that HSTS is enabled (for example with the --hsts option or CURLOPT_HSTS), that the application performs transfers to both a subdomain and its parent domain using http:// URLs, and that the HSTS cache already holds an entry for the parent domain, either loaded from a cache file or populated by earlier HTTPS accesses. The bug affects curl 7.74.0 through 8.10.1 and is fixed in curl 8.11.0; check the installed version with curl --version. Upgrading does not rewrite a persistent HSTS cache file, so an expiry that was already set wrongly remains in effect until it lapses or the file is edited.
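As an added illustration that is not part of this advisory or of curl's own source, the following C model of an HSTS cache reproduces the lookup mistake described above beside the corrected behaviour. The entry layout, the function names hsts_lookup and hsts_parse, the host names and the fixed clock T0 are assumptions chosen to mirror the advisory's scenario, not curl's internal API.

```c
/* Added example (not curl's own code): a small model of an HSTS cache that
 * shows the CVE-2024-9681 lookup mistake beside the corrected lookup.
 * Entry layout, function names, host names and the fixed clock below are
 * assumptions for illustration, chosen to mirror the advisory's scenario. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_ENTRIES 8

struct hsts_entry {
    char host[64];
    time_t expires;          /* absolute time the policy lapses */
    bool include_subdomains; /* header carried includeSubDomains */
};

struct hsts_cache {
    struct hsts_entry e[MAX_ENTRIES];
    int n;
};

/* Find the entry governing 'host'. With subdomains=true a parent entry that
 * has includeSubDomains also matches (x.example.com -> example.com), which is
 * what an http:// -> https:// upgrade decision needs. */
static struct hsts_entry *hsts_lookup(struct hsts_cache *c, const char *host,
                                      bool subdomains)
{
    size_t hlen = strlen(host);
    for (int i = 0; i < c->n; i++) {
        struct hsts_entry *ent = &c->e[i];
        size_t elen = strlen(ent->host);
        if (elen == hlen && strcmp(ent->host, host) == 0)
            return ent;
        if (subdomains && ent->include_subdomains && hlen > elen &&
            host[hlen - elen - 1] == '.' &&
            strcmp(host + (hlen - elen), ent->host) == 0)
            return ent;
    }
    return NULL;
}

/* Record a Strict-Transport-Security header received from 'host'.
 * buggy=true: the existing entry is located with subdomain matching, so a
 * parent entry with includeSubDomains is found and its expiry is overwritten
 * with the subdomain's max-age (the CVE-2024-9681 behaviour).
 * buggy=false: only an exact-host entry is updated; otherwise the subdomain
 * gets its own entry and the parent is left alone. */
static void hsts_parse(struct hsts_cache *c, const char *host, time_t now,
                       long max_age, bool include_subdomains, bool buggy)
{
    struct hsts_entry *ent = hsts_lookup(c, host, buggy);
    if (!ent) {
        if (c->n >= MAX_ENTRIES)
            return; /* toy cache: drop silently when full */
        ent = &c->e[c->n++];
        snprintf(ent->host, sizeof ent->host, "%s", host);
    }
    /* A new header replaces the previous policy for that host (RFC 6797). */
    ent->expires = now + max_age;
    ent->include_subdomains = include_subdomains;
}

/* Should an http:// request to 'host' be upgraded to https:// at time 'now'? */
static bool hsts_upgrade(struct hsts_cache *c, const char *host, time_t now)
{
    struct hsts_entry *ent = hsts_lookup(c, host, true);
    return ent && ent->expires > now;
}

/* Advisory scenario: example.com already holds a one-year entry with
 * includeSubDomains; x.example.com then answers with max-age=60. */
static const time_t T0 = 1700000000; /* constructed fixed clock */

static void run_scenario(struct hsts_cache *c, bool buggy)
{
    memset(c, 0, sizeof *c);
    hsts_parse(c, "example.com", T0, 31536000L, true, buggy);
    hsts_parse(c, "x.example.com", T0, 60L, false, buggy);
}

/* Expiry of the parent entry after the subdomain's header was processed. */
time_t parent_expiry(bool buggy)
{
    struct hsts_cache c;
    run_scenario(&c, buggy);
    struct hsts_entry *parent = hsts_lookup(&c, "example.com", false);
    return parent ? parent->expires : 0;
}

/* 1 when the parent was overwritten, 2 when the subdomain got its own entry. */
int entry_count(bool buggy)
{
    struct hsts_cache c;
    run_scenario(&c, buggy);
    return c.n;
}

/* Is http://example.com still upgraded two minutes later? */
bool parent_upgraded_later(bool buggy)
{
    struct hsts_cache c;
    run_scenario(&c, buggy);
    return hsts_upgrade(&c, "example.com", T0 + 120);
}

int main(void)
{
    for (int buggy = 1; buggy >= 0; buggy--)
        printf("%s: example.com expires at %lld, %d entries, upgraded at T0+120s: %s\n",
               buggy ? "buggy" : "fixed", (long long)parent_expiry(buggy),
               entry_count(buggy), parent_upgraded_later(buggy) ? "yes" : "no");
    return 0;
}
```

In the buggy run the subdomain's 60-second max-age lands on the example.com entry, the cache ends up with a single entry, and two minutes later http://example.com is no longer upgraded; in the fixed run the parent keeps its one-year expiry and x.example.com gets a separate entry. The same scenario with a subdomain max-age longer than the parent's produces the opposite failure, an entry that outlives what example.com asked for.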

