CVE-2024-6197 — Free of Memory not on the Heap in Libcurl

CWE-590 — Free of Memory not on the Heap9 documents8 sources

Severity

7.5HIGHNVD

EPSS

1.3%

top 20.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Haxx Libcurl Curl

Timeline

PublishedJul 24

Latest updateOct 8

Description

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDhaxx/libcurl8.6.0 — 8.9.0

▶Debianhaxx/curl< 8.9.0-1+1

▶CVEListV5curl/curl8.8.0 — 8.8.0+3

🔴Vulnerability Details

CVEList

freeing stack buffer in utf8asn1str↗2024-07-24

▶

OSV

CVE-2024-6197: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN↗2024-07-24

▶

GHSA

GHSA-x3h8-3mf2-v794: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN↗2024-07-24

▶

📋Vendor Advisories

Microsoft

Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str↗2024-10-08

▶

Red Hat

curl: freeing stack buffer in utf8asn1str↗2024-07-24

▶

Debian

CVE-2024-6197: curl - libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 ...↗2024

▶

💬Community

HackerOne

libcurl: freeing stack buffer during x509 certificate parsing↗2024-08-23

▶

HackerOne

CVE-2024-6197: freeing stack buffer in utf8asn1str↗2024-07-24

▶