
We found results for “”
CVE-2024-7264
Good to know:

Date: July 31, 2024
libcurl's ASN1 parser code has the "GTime2str()" function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a "strlen()" getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when "CURLINFO_CERTINFO" (https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Language: C
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
Out-of-bounds Read
CWE-125Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |