Hey all, I've recently had CVE-2024-7264 popping up in CrowdStrike as an open vulnerability, for a little context I have had very little to do with this curl stuff. I found this reddit post that was talking about it recently and was going to modify the scripts seatec-astonomy linked to remediate the vuln - https://www.reddit.com/r/sysadmin/comments/1hx9eib/libcurl_vulnerability_in_office_and_teams/?rdt=37291&sort=new
Is simply having the affected version of the libcurl.dll file enough to make a computer vulnerable or does it also require the specific backend before it is a problem? If it does require a specific backend, how can I determine if that backend is being used in order to remediate the threats? I appreciate any assistance that can be provided. Cheers, Zac -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
