Vulnerability Scanner Detection Related to CVE-2024-7264
Support Statement
This Veeam KB article was created to address customers' concerns regarding the detection of the libcurl library by their security software on VMware Backup Proxies, where the VMware VDDK package is installed. Libcurl is a component of VMware VDDK (Virtual Disk Development Kit), which Veeam Backup & Replication redistributes to enable the protection of VMware vSphere environments. Veeam Backup & Replication deploys the VMware VDDK package on VMware Backup Proxies for data movement.
Veeam Backup & Replication is not impacted by the vulnerability within the libcurl library included with VMware VDDK because Veeam Backup & Replication utilizes a separate dedicated curl library, which was updated to version 8.10.1 in Veeam Backup & Replication version 12.3. The libcurl file within the VMware VDDK package is only present because it is included as part of the VDDK library as a whole, and VMware has advised that "There is no risk of data leakage since VDDK does not expose curl's CURLINFO_CERTINFO, which is the component involved in the vulnerability." For this same reason, older versions of Veeam Backup & Replication that may have included old curl libraries are not affected, as Veeam Backup & Replication does not expose curl's CURLINFO_CERTINFO.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.