CVE-2024-7264 Information
Description
libcurl’s ASN1 parser code has the GTime2str() function, used for parsing an
ASN.1 Generalized Time field. If given a syntactically incorrect field, the
parser might end up using -1 for the length of the time fraction, leading to
a strlen() getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.
This flaw most likely leads to a crash but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO (https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
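The defensive pattern for the failure mode described above, as a simplified C sketch added here (it is not libcurl's code, and the names fraction_len and format_fraction are hypothetical): a malformed fraction is rejected so its length can never be negative, and the digits are copied with an explicit length so strlen() is never run on the unterminated buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Count the fraction digits in [p, end), trailing zeros stripped.
   p points at the byte after the seconds; the data is NOT null terminated.
   Returns 0 when no fraction is present, -1 when the field is malformed. */
static int fraction_len(const char *p, const char *end, const char **digits)
{
  const char *q;
  int n;
  *digits = NULL;
  if(p >= end || (*p != '.' && *p != ','))
    return 0;                       /* no separator: nothing to parse */
  for(q = p + 1; q < end && *q >= '0' && *q <= '9'; q++)
    ;
  n = (int)(q - (p + 1));
  if(n == 0)
    return -1;                      /* separator without digits: reject */
  while(n > 0 && p[n] == '0')       /* p[n] is the last remaining digit */
    n--;
  *digits = p + 1;
  return n;                         /* always >= 0 here */
}

/* Write ".ddd" (or "") into out. Returns 0 on success, -1 on rejection. */
static int format_fraction(const char *p, size_t len, char *out, size_t outsz)
{
  const char *digits;
  int n = fraction_len(p, p + len, &digits);
  int w;
  if(n < 0 || outsz == 0)
    return -1;
  out[0] = '\0';
  if(n == 0)
    return 0;
  /* %.*s reads at most n bytes: no terminator needed, no strlen(). */
  w = snprintf(out, outsz, ".%.*s", n, digits);
  return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}

int main(void)
{
  static const char sample[] = {'.', '1', '2', '0', '0', 'Z'}; /* constructed */
  char out[16];
  if(format_fraction(sample, sizeof(sample), out, sizeof(out)) == 0)
    printf("fraction: %s\n", out);
  return 0;
}
```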
Reference
cve@curl.se
https://curl.se/docs/CVE-2024-7264.json
https://curl.se/docs/CVE-2024-7264.html
https://hackerone.com/reports/2629968
http://www.openwall.com/lists/oss-security/2024/07/31/1