CVE-2024-7264Out-of-bounds Read in Libcurl

CWE-125Out-of-bounds Read23 documents11 sources
Severity
6.5MEDIUMNVD
EPSS
0.9%
top 24.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Haxx CurlHaxx LibcurlCurl
Timeline
PublishedJul 31
Latest updateDec 12

Description

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDhaxx/libcurl7.32.08.9.1
Alpinehaxx/curl< 8.9.1-r0+5
Debianhaxx/curl< 7.74.0-1.3+deb11u13+3
Ubuntuhaxx/curl< 7.35.0-1ubuntu2.20+esm18+2
CVEListV5curl/curl8.9.08.9.0+94

🔴Vulnerability Details

5
OSV
curl vulnerability2024-08-20
OSV
CVE-2024-7264: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN2024-07-31
GHSA
GHSA-97c4-2w4v-c7r8: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN2024-07-31
CVEList
ASN.1 date parser overread2024-07-31
OSV
CVE-2024-7264: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN2024-07-31

📋Vendor Advisories

16
Apple
CVE-2024-7264: macOS Sequoia 15.7.32025-12-12
Apple
CVE-2024-7264: visionOS 26.22025-12-12
Apple
CVE-2024-7264: macOS Sonoma 14.8.32025-12-12
Apple
CVE-2024-7264: macOS Tahoe 26.22025-12-12
Apple
CVE-2024-7264: iOS 18.7.3 and iPadOS 18.7.32025-12-12

💬Community

1
HackerOne
CVE-2024-7264: ASN.1 date parser overread2024-08-01
CVE-2024-7264 — Out-of-bounds Read in Haxx Libcurl | cvebase