CVE-2024-7264

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-7264
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7264.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7264
Aliases
Downstream
Related
Published
2024-07-31T08:15:02.657Z
Modified
2026-03-14T15:04:00.145396Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.

References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events
Introduced
70812c2f32fc5734bcbbe572b9f61c380433ad6a
Fixed
83bedbd730d62b83744cc26fa0433d3f6e2e4cd6
Fixed
27959ecce75cdb2809c0bdb3286e60e08fadb519
Database specific 
{
    "versions": [
        {
            "introduced": "7.32.0"
        },
        {
            "fixed": "8.9.1"
        }
    ]
}

Affected versions

Other
curl-7_32_0
curl-7_33_0
curl-7_34_0
curl-7_35_0
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
curl-7_52_0
curl-7_52_1
curl-7_53_0
curl-7_53_1
curl-7_54_0
curl-7_54_1
curl-7_55_0
curl-7_55_1
curl-7_56_0
curl-7_56_1
curl-7_57_0
curl-7_58_0
curl-7_59_0
curl-7_60_0
curl-7_61_0
curl-7_61_1
curl-7_62_0
curl-7_63_0
curl-7_64_0
curl-7_64_1
curl-7_65_0
curl-7_65_1
curl-7_65_2
curl-7_65_3
curl-7_66_0
curl-7_67_0
curl-7_68_0
curl-7_69_0
curl-7_69_1
curl-7_70_0
curl-7_71_0
curl-7_71_1
curl-7_72_0
curl-7_73_0
curl-7_74_0
curl-7_75_0
curl-7_76_0
curl-7_76_1
curl-7_77_0
curl-7_78_0
curl-7_79_0
curl-7_79_1
curl-7_80_0
curl-7_81_0
curl-7_82_0
curl-7_83_0
curl-7_83_1
curl-7_84_0
curl-7_85_0
curl-7_86_0
curl-7_87_0
curl-7_88_0
curl-7_88_1
curl-8_0_0
curl-8_0_1
curl-8_1_0
curl-8_1_1
curl-8_1_2
curl-8_2_0
curl-8_2_1
curl-8_3_0
curl-8_4_0
curl-8_5_0
curl-8_6_0
curl-8_7_0
curl-8_7_1
curl-8_8_0
curl-8_9_0

Database specific

vanir_signatures 
[
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2024-7264-357d5c8a",
        "target": {
            "file": "lib/vtls/x509asn1.c",
            "function": "GTime2str"
        },
        "digest": {
            "length": 1104.0,
            "function_hash": "44391705612524364774368042722019714327"
        },
        "signature_version": "v1",
        "source": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2024-7264-67821506",
        "target": {
            "file": "lib/vtls/x509asn1.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "95126134743640794896963096731829227697",
                "144779354657065835501752563488437428604",
                "317072365810900046882446524785076944464"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2024-7264-d42afa67",
        "target": {
            "file": "lib/vtls/x509asn1.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "225876056498704765845877006559546262300",
                "176423151054548165360750876540677858194",
                "289668165175774764560448522829877424639",
                "242644217041992152321989115265215972879",
                "268532454690515376590998156180152951206",
                "310272947232416495089203242947839935684",
                "301038965153660893262258651624092148049",
                "32862098234719251992637084107481093688",
                "220300149285119356296593497329560454543",
                "303852349410960188254824451623453671590",
                "9591007534432890142340230746602368870",
                "275271375232490080563785528446164228624",
                "17377905258464721812210095822744909001",
                "42362003463451388804118331388589612087",
                "32253411418572657241631111414545383706",
                "98035622866023045045478393730663191063",
                "296432699133742590980654626491505239460",
                "230280919300164717500587727305278940390",
                "25538375731885481183170371639755625079",
                "267395533405182516326850447821945556602",
                "213019383524148410116549292298220134339",
                "239491207639922602422962646100192763644",
                "262405149748443976684945419827080942246",
                "108788281347994535860029351021890880673",
                "313863988834971745022596417113198128543",
                "17971457333675315949877802435449047435"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7264.json"