CVE-2024-7264
CVE-2024-7264
6.5
MediumPublished:
Last updated:
Source:2499f714-1537-4658-8207-48ae4bb9eae9
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- None
- Availability
- High
Description
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
References
2499f714-1537-4658-8207-48ae4bb9eae9
http://www.openwall.com/lists/oss-security/2024/07/31/12499f714-1537-4658-8207-48ae4bb9eae9
https://curl.se/docs/CVE-2024-7264.html2499f714-1537-4658-8207-48ae4bb9eae9
https://curl.se/docs/CVE-2024-7264.json2499f714-1537-4658-8207-48ae4bb9eae9
https://hackerone.com/reports/2629968af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2024/07/31/1af854a3a-2127-422b-91ae-364da2661108
https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20240828-0008/af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20241025-0006/af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20241025-0010/