CURL-CVE-2024-7264

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2024-7264.html

Import Source

https://curl.se/docs/CURL-CVE-2024-7264.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2024-7264

Aliases

CVE-2024-7264

Published

2024-07-31T08:00:00Z

Modified

2024-07-31T09:57:12Z

Summary

ASN.1 date parser overread

Details

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.

Database specific

{
    "CWE": {
        "id": "CWE-125",
        "desc": "Out-of-bounds Read"
    },
    "award": {
        "amount": "540",
        "currency": "USD"
    },
    "URL": "https://curl.se/docs/CVE-2024-7264.json",
    "package": "curl",
    "severity": "Low",
    "issue": "https://hackerone.com/reports/2629968",
    "www": "https://curl.se/docs/CVE-2024-7264.html",
    "last_affected": "8.9.0"
}

References

Credits

- Dov Murik (Transmit Security) - FINDER
- Stefan Eissing - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.32.0

Fixed

8.9.1

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

3a24cb7bc456366cbc3a03f7ab6d2576105a1f2d

Fixed

27959ecce75cdb2809c0bdb3286e60e08fadb519

Affected versions

7.*

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.64.1

7.65.0

7.65.1

7.65.2

7.65.3

7.66.0

7.67.0

7.68.0

7.69.0

7.69.1

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.80.0

7.81.0

7.82.0

7.83.0

7.83.1

7.84.0

7.85.0

7.86.0

7.87.0

7.88.0

7.88.1

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.2.0

8.2.1

8.3.0

8.4.0

8.5.0

8.6.0

8.7.0

8.7.1

8.8.0

8.9.0