CVE-2024-7264 - OpenCVE

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Haxx	Libcurl

Configuration 1 [-]

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/07/31/1
https://curl.se/docs/CVE-2024-7264.html
https://curl.se/docs/CVE-2024-7264.json
https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519
https://hackerone.com/reports/2629968
https://nvd.nist.gov/vuln/detail/CVE-2024-7264
https://security.netapp.com/advisory/ntap-20240828-0008/
https://www.cve.org/CVERecord?id=CVE-2024-7264

History

Wed, 28 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240828-0008/

Mon, 12 Aug 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Haxx Haxx libcurl
CPEs		cpe:2.3:a:haxx:libcurl::::::::
Vendors & Products		Haxx Haxx libcurl
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Wed, 07 Aug 2024 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
References		https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.cve.org/CVERecord?id=CVE-2024-7264
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H'}` threat_severity `Low`

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2024-07-31T08:08:14.585Z

Updated: 2024-08-28T15:02:52.325Z

Reserved: 2024-07-30T08:04:22.389Z

Link: CVE-2024-7264

Vulnrichment

Updated: 2024-08-28T15:02:52.325Z

NVD

Status : Analyzed

Published: 2024-07-31T08:15:02.657

Modified: 2024-08-12T17:30:51.880

Link: CVE-2024-7264

Redhat

Severity : Low

Publid Date: 2024-07-31T00:00:00Z

Links: CVE-2024-7264 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object