libcurl's ASN1 parser code has the GTime2str()
function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length of the time fraction, leading to
a strlen()
getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.
This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.
{ "vanir_signatures": [ { "target": { "file": "lib/vtls/x509asn1.c", "function": "GTime2str" }, "id": "CVE-2024-7264-357d5c8a", "source": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", "digest": { "length": 1104.0, "function_hash": "44391705612524364774368042722019714327" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "target": { "file": "lib/vtls/x509asn1.h" }, "id": "CVE-2024-7264-67821506", "source": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", "digest": { "line_hashes": [ "95126134743640794896963096731829227697", "144779354657065835501752563488437428604", "317072365810900046882446524785076944464" ], "threshold": 0.9 }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "target": { "file": "lib/vtls/x509asn1.c" }, "id": "CVE-2024-7264-d42afa67", "source": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", "digest": { "line_hashes": [ "225876056498704765845877006559546262300", "176423151054548165360750876540677858194", "289668165175774764560448522829877424639", "242644217041992152321989115265215972879", "268532454690515376590998156180152951206", "310272947232416495089203242947839935684", "301038965153660893262258651624092148049", "32862098234719251992637084107481093688", "220300149285119356296593497329560454543", "303852349410960188254824451623453671590", "9591007534432890142340230746602368870", "275271375232490080563785528446164228624", "17377905258464721812210095822744909001", "42362003463451388804118331388589612087", "32253411418572657241631111414545383706", "98035622866023045045478393730663191063", "296432699133742590980654626491505239460", "230280919300164717500587727305278940390", "25538375731885481183170371639755625079", "267395533405182516326850447821945556602", "213019383524148410116549292298220134339", "239491207639922602422962646100192763644", "262405149748443976684945419827080942246", "108788281347994535860029351021890880673", "313863988834971745022596417113198128543", "17971457333675315949877802435449047435" ], "threshold": 0.9 }, "signature_version": "v1", "signature_type": "Line", "deprecated": false } ] }