CURL-CVE-2024-6874

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2024-6874.html
Import Source
https://curl.se/docs/CURL-CVE-2024-6874.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2024-6874
Aliases
Published
2024-07-24T08:00:00Z
Modified
2024-08-07T14:48:26Z
Summary
macidn punycode buffer overread
Details

libcurl's URL API function curlurlget() offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string.

This flaw can lead to stack contents accidentally getting returned as part of the converted string.

References
Credits
    • z2_ - FINDER
    • z2_ - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
8.8.0
Fixed
8.9.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
add22feeef07858307be5722e1869e082554290e
Fixed
686d54baf1df6e0775898f484d1670742898b3b2

Affected versions

8.*

8.8.0