CVE-2024-6874 Information
Jul 25, 2024
cve
Description
libcurl’s URL API function curl_url_get() (https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions to and from IDN. When asked to convert a name that is exactly 256 bytes long, libcurl ends up reading outside of a stack-based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exactly, but does not null terminate the string.
This flaw can lead to stack contents accidentally getting returned as part of the converted string.
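The bug class described above, as an added illustration that is not curl's code or the macidn backend: a converter that fills its buffer exactly and leaves no terminator, next to a wrapper that reserves the terminator byte. The names convert_no_nul, convert_checked, visible_len_unchecked and checked_result are hypothetical, and the "RESIDUE" marker is constructed data standing in for neighbouring stack contents.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256  /* logical output buffer size, as in the description */

/* Hypothetical stand-in for a conversion routine: copies at most buflen
   bytes and adds no terminator when the result fills the buffer exactly. */
static size_t convert_no_nul(const char *in, char *out, size_t buflen)
{
  size_t n = strlen(in);
  if(n > buflen)
    n = buflen;
  memcpy(out, in, n);
  if(n < buflen)
    out[n] = '\0';
  return n;
}

/* Hardened form: refuse input that leaves no room for the terminator,
   give the converter one byte less, and always terminate the result. */
static int convert_checked(const char *in, char *out, size_t buflen)
{
  if(buflen == 0 || strlen(in) >= buflen)
    return -1;
  out[convert_no_nul(in, out, buflen - 1)] = '\0';
  return 0;
}

/* Length a C-string consumer sees after the unchecked conversion of a name
   of name_len bytes (name_len <= NAME_BUF). region is larger than NAME_BUF
   so the read past the logical buffer stays inside one array. */
static size_t visible_len_unchecked(size_t name_len)
{
  char name[NAME_BUF + 1], region[NAME_BUF + 16];
  memset(name, 'a', name_len);
  name[name_len] = '\0';
  memset(region, 0, sizeof(region));
  memcpy(region + NAME_BUF, "RESIDUE", 7);  /* constructed neighbour data */
  convert_no_nul(name, region, NAME_BUF);
  return strlen(region);
}

/* Result of the hardened wrapper for a name of name_len bytes. */
static int checked_result(size_t name_len)
{
  char name[NAME_BUF + 1], out[NAME_BUF];
  memset(name, 'a', name_len);
  name[name_len] = '\0';
  return convert_checked(name, out, sizeof(out));
}
int main(void)
{
  printf("unchecked, 256-byte name: %zu bytes visible\n", visible_len_unchecked(256));
  return checked_result(256) == -1 ? 0 : 1;
}
```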
Reference
cve@curl.se
https://curl.se/docs/CVE-2024-6874.json
https://curl.se/docs/CVE-2024-6874.html
https://hackerone.com/reports/2604391
http://www.openwall.com/lists/oss-security/2024/07/24/2