Views:

This vulnerability has been reported to impact the following curl versions and configurations:

  • curl 7.32.0 to and including 8.9.0 
  • In addition, the vulnerable code can only be reached when curl is built to use GnuTLS, Schannel, Secure Transport or mbedTLS. Builds using other TLS backends are not vulnerable.


 

Trend Micro Products/Services Potentially Affected


Trend Micro is currently doing an inventory/investigation to see if any Trend Micro products and/or services may be affected by this vulnerability.

Below is the confirmed list of unaffected products.  Products not listed may still be under investigation, and any additional information will be added here as necessary.
 

 
Several 3rd party vulnerability scanners may flag some of the following products as "affected" by this vulnerability. It is important to note that many, if not all, of these vulnerability scanners only search for library or component versions and DO NOT or CANNOT take into consideration the actual configuration, context and/or scenarios that make a certain component "vulnerable" to a particular exploit.

In our analysis, Trend Micro takes into account the entire scenario necessary to exploit a particular vulnerability in making a determination of whether or not a particular product may be vulnerable to a specific vulnerability.  In this case, any flagging by a 3rd party vulnerability scanner on one of the mentioned products that are marked "Not Affected" should be treated as a False Positive.
 

 

Trend Micro Product/Service Status
Cloud One - Endpoint Workload Security (Deep Security Agent)

Not Affected

(Does not use affected TLS backend) 
Deep Security Agent 

Not Affected

(Does not use affected TLS backend)
Keywords: CVE-2024-7264
Comments (0)