CVE-2024-6197
Published: 2024-07-24
Priority: P340 | high | 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 1.30% (80.2th percentile)
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes `free()` on a 4-byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some, however, accept the input pointer and add that memory to their list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; it is likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
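An added C sketch (not curl's code and not the reporter's) of the safe shape of the error path described above: the per-character decode buffer is a stack array, so the invalid-size case only returns an error and never calls `free()`. The names `encode_utf8`, `wide_to_utf8` and the `ENC_*` codes are hypothetical, the input is constructed, and the `0x00200000` limit is the one visible in the report excerpt on this page.

```c
#include <stdio.h>
#include <string.h>

enum { ENC_OK, ENC_BAD_INPUT, ENC_NO_SPACE };   /* hypothetical result codes */

/* Encode one code point into a caller-owned 4-byte buffer; returns the byte
   count, or 0 when wc >= 0x00200000 (the limit in the reported code). */
static size_t encode_utf8(unsigned int wc, unsigned char buf[4])
{
  if(wc < 0x80) { buf[0] = (unsigned char)wc; return 1; }
  if(wc >= 0x00200000) return 0;
  size_t n = wc < 0x800 ? 2 : wc < 0x10000 ? 3 : 4;
  static const unsigned char lead[5] = {0, 0, 0xC0, 0xE0, 0xF0};
  for(size_t i = n - 1; i > 0; i--) {          /* continuation bytes, last first */
    buf[i] = (unsigned char)(0x80 | (wc & 0x3F));
    wc >>= 6;
  }
  buf[0] = (unsigned char)(lead[n] | wc);
  return n;
}

/* Convert big-endian fixed-width characters (size 1, 2 or 4) to UTF-8. */
static int wide_to_utf8(const unsigned char *from, size_t len, size_t size,
                        unsigned char *out, size_t outlen, size_t *written)
{
  size_t used = 0;
  if((size != 1 && size != 2 && size != 4) || len % size) return ENC_BAD_INPUT;
  for(size_t i = 0; i < len; i += size) {
    unsigned char buf[4];      /* automatic storage, reclaimed at scope exit */
    unsigned int wc = 0;
    for(size_t j = 0; j < size; j++)
      wc = (wc << 8) | from[i + j];
    size_t n = encode_utf8(wc, buf);
    if(!n)
      return ENC_BAD_INPUT;    /* plain return: buf never came from malloc() */
    if(n > outlen - used) return ENC_NO_SPACE;
    memcpy(out + used, buf, n);
    used += n;
  }
  *written = used;
  return ENC_OK;
}

int main(void)
{
  const unsigned char bad[] = {0x00, 0x20, 0x00, 0x00};  /* constructed input */
  unsigned char out[8]; size_t n = 0;
  printf("%d\n", wide_to_utf8(bad, sizeof bad, 4, out, sizeof out, &n));
}
```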
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| curl | curl | 8.6.0 – 8.6.0 | — |
| curl | curl | 8.7.0 – 8.7.0 | — |
| curl | curl | 8.7.1 – 8.7.1 | — |
| curl | curl | 8.8.0 – 8.8.0 | — |
| debian | curl | < curl 8.9.0-1 (forky) | curl 8.9.0-1 (forky) |
| haxx | curl | >= 0 < 8.9.0-1 | 8.9.0-1 |
| haxx | curl | >= 0 < 8.9.0-1 | 8.9.0-1 |
| haxx | libcurl | >= 8.6.0 < 8.9.0 | 8.9.0 |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_11_version_24h2 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
CVSS provenance
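| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | 7.5 | HIGH | — |
| vendor_msrc | 8.8 | HIGH | — |
| vendor_debian | 7.5 | LOW | — |
| vendor_redhat | 7.5 | HIGH | — |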
OSV
CVE-2024-6197: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN
osv·2024-07-24·CVSS 7.5
CVE-2024-6197 [HIGH] CVE-2024-6197: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN
GHSA
GHSA-x3h8-3mf2-v794: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN
ghsa_unreviewed·2024-07-24
CVE-2024-6197 [HIGH] GHSA-x3h8-3mf2-v794: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN
Microsoft
Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str
vendor_msrc·2024-10-08·CVSS 8.8
CVE-2024-6197 [HIGH] CWE-590 Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str
Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-6197
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How does this vulnerability in curl affect Windows?
While the upstream advisory applies to curl, the command line tool, and libcurl as embedded in all manner of software, Windows does not ship libcurl but only ships the curl command line. This vulnerability requires user interaction to select the server and to communicate with it.
Windows cURL Implementa
Red Hat
curl: freeing stack buffer in utf8asn1str
vendor_redhat·2024-07-24·CVSS 7.5
CVE-2024-6197 [HIGH] CWE-590 curl: freeing stack buffer in utf8asn1str
curl: freeing stack buffer in utf8asn1str
A vulnerability was found in cURL
Debian
CVE-2024-6197: curl - libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 ...
vendor_debian·2024·CVSS 7.5
CVE-2024-6197 [HIGH] CVE-2024-6197: curl - libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 ...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in
No detection rules found.
No public exploits indexed.
Qualys
Microsoft & Adobe October 2024 Patch Tuesday Updates | Qualys
blogs_qualys·2024-10-08
Microsoft & Adobe October 2024 Patch Tuesday Updates | Qualys
Microsoft has rolled out its October 2024 Patch Tuesday updates, offering vital security fixes for IT professionals to implement. With several critical vulnerabilities patched, this release highlights the ongoing need for regular maintenance and attention to security.
## Microsoft P
Bleepingcomputer
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
blogs_bleepingcomputer·2024-10-08·CVSS 6.5
[MEDIUM] Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
## Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
## Lawrence Abrams
28 Elevation of Privilege vulnerabilities
7 Security Feature Bypass vulnerabilities
43 Remote Code Execution vulnerabilities
6 Information Disclosure vulnerabilities
26 Denial of Service vulnerabilities
7 Spoofing vulnerabilities
This count does not include three Edge flaws that were previously fixed on October 3rd.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5044284 and KB5044285 cumulative updates and the Windows 10 KB5044273 update.
## Five zero-days disclosed
This month's Patch Tuesday fixes five zero-days, two of which were actively exploited in attacks, and all five were publicly disclosed.
Microsoft classi
Trendmicro
The October 2024 Security Update Review
blogs_trendmicro·2024-10-08·CVSS 7.1
[HIGH] The October 2024 Security Update Review
## The October 2024 Security Update Review
Get the October 2024 security update and review.
By: Dustin Childs, 2024/10/08
It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | Moderate | 7.8 | Yes | Yes | RCE |
| CVE-2024-43573 | Windows MSHTML Platform Spo | | | | | |
Trendmicro
The October 2024 Security Update Review
blogs_trendmicro·2024-10-08
The October 2024 Security Update Review
Adobe Patches for October 2024
For October, Adobe released nine patches addressing 52 CVEs in Adobe Substance 3D Painter, Commerce, Dimension, Animate, Lightroom, InCopy, InDesign, Substance 3D Stager, and A
Qualys
Microsoft and Adobe Patch Tuesday, October 2024 Security Update Review
blogs_qualys·2024-10-08
Microsoft and Adobe Patch Tuesday, October 2024 Security Update Review
## Microsoft Patch Tuesday
HackerOne
libcurl: freeing stack buffer during x509 certificate parsing
hackerone·2024-08-23·CVSS 7.5
CVE-2024-6197 [HIGH] libcurl: freeing stack buffer during x509 certificate parsing
libcurl: freeing stack buffer during x509 certificate parsing
Hello, I would like to report a vulnerability here, initially reported by me to the curl project.
HackerOne Report: https://hackerone.com/reports/2559516
CVE: CVE-2024-6197
Advisory: https://curl.se/docs/CVE-2024-6197.html
Severity: Medium
## Impact
By serving a specifically crafted TLS certificate, a malicious server can trigger a `free()` of a buffer located on the stack.
This can lead to a crash or to further memory corruptions.
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free() on a 4 byte local stack buffer.
Most modern malloc implementations detect this error and immediately
Bugzilla
CVE-2024-6197 curl: freeing stack buffer in utf8asn1str
bugzilla·2024-07-24·CVSS 7.5
CVE-2024-6197 [HIGH] CVE-2024-6197 curl: freeing stack buffer in utf8asn1str
CVE-2024-6197 curl: freeing stack buffer in utf8asn1str
Discussion:
From a
HackerOne
CVE-2024-6197: freeing stack buffer in utf8asn1str
hackerone·2024-07-24·CVSS 7.5
CVE-2024-6197 [HIGH] CVE-2024-6197: freeing stack buffer in utf8asn1str
CVE-2024-6197: freeing stack buffer in utf8asn1str
Libcurl at commit [04739054cdac5a0614fb94e3655e313c03399f35](https://github.com/curl/curl/tree/04739054cdac5a0614fb94e3655e313c03399f35) contains an invalid invocation of `free()` in the function `utf8asn1str()` at [lib/vtls/x509asn1.c:397](https://github.com/curl/curl/blob/04739054cdac5a0614fb94e3655e313c03399f35/lib/vtls/x509asn1.c#L397).
The relevant code can be seen below:
```c
static CURLcode
utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
{
  // --- snip ---
  if(type == CURL_ASN1_UTF8_STRING) {
    // --- snip ---
  }
  else {
    while(!result && (from < end)) {
      char buf[4]; /* decode buffer */
      // --- snip ---
      if(wc >= 0x00200000) {
        free(buf);
        /* Invalid char. size for target encoding. */
        return CURLE_WEIRD_SERVER_REPLY;
      }
    }
  }
}
```
`buf` is located on the stack and not the heap,
- http://www.openwall.com/lists/oss-security/2024/07/24/1
- http://www.openwall.com/lists/oss-security/2024/07/24/5
- https://curl.se/docs/CVE-2024-6197.html
- https://curl.se/docs/CVE-2024-6197.json
- https://hackerone.com/reports/2559516
- https://security.netapp.com/advisory/ntap-20241129-0008/
2024-07-24
Published