Is DLP vulnerable to CVE-2024-7264 libcurl 7.32.0 < 8.9.1 DoS vulnerability?
Article ID: 376736
Updated On:
Products
Data Loss Prevention Endpoint Prevent
Issue/Introduction
Libcurl version on DLP endpoint agent 16.02 is between 7.32.0 and prior to 8.9.1 and therefore customers want to know if DLP agent is affected by a denial of service (DoS) vulnerability (CVE-2024-7264).
Environment
DLP 15.8 +
Cause
NA
Resolution
DLP Agent and Discover do not make use of the impacted CURLINFO_CERTINFO struct nor invoke parsing on an ASN.1 Generalized Time field and hence DLP is not impacted.
Feedback
Yes
No
Powered by
