CURL-CVE-2024-7264

Source
https://curl.se/docs/CVE-2024-7264.html
Import Source
https://curl.se/docs/CURL-CVE-2024-7264.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2024-7264
Aliases
Published
2024-07-31T08:00:00Z
Modified
2024-07-31T09:57:12Z
Summary
ASN.1 date parser overread
Details

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.

Database specific
{
    "CWE": {
        "id": "CWE-125",
        "desc": "Out-of-bounds Read"
    },
    "award": {
        "amount": "540",
        "currency": "USD"
    },
    "URL": "https://curl.se/docs/CVE-2024-7264.json",
    "package": "curl",
    "severity": "Low",
    "issue": "https://hackerone.com/reports/2629968",
    "www": "https://curl.se/docs/CVE-2024-7264.html",
    "last_affected": "8.9.0"
}
References
Credits
    • Dov Murik (Transmit Security) - FINDER
    • Stefan Eissing - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.32.0
Fixed
8.9.1
Type
GIT
Repo
https://github.com/curl/curl.git
Events

Affected versions

7.*

7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0
7.47.0
7.47.1
7.48.0
7.49.0
7.49.1
7.50.0
7.50.1
7.50.2
7.50.3
7.51.0
7.52.0
7.52.1
7.53.0
7.53.1
7.54.0
7.54.1
7.55.0
7.55.1
7.56.0
7.56.1
7.57.0
7.58.0
7.59.0
7.60.0
7.61.0
7.61.1
7.62.0
7.63.0
7.64.0
7.64.1
7.65.0
7.65.1
7.65.2
7.65.3
7.66.0
7.67.0
7.68.0
7.69.0
7.69.1
7.70.0
7.71.0
7.71.1
7.72.0
7.73.0
7.74.0
7.75.0
7.76.0
7.76.1
7.77.0
7.78.0
7.79.0
7.79.1
7.80.0
7.81.0
7.82.0
7.83.0
7.83.1
7.84.0
7.85.0
7.86.0
7.87.0
7.88.0
7.88.1

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.8.0
8.9.0