CVE-2024-7264 - Vulnerability Details

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length of the *time fraction*, leading to
a `strlen()` getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents
getting returned to the application when
[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.05357.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Haxx	Libcurl
Redhat	Enterprise Linux Service Mesh

Configuration 1 [-]

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
mysql:8.0-8100020250212154709.489197e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1673	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 9
mysql-0:8.0.41-2.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1671	2025-02-19T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.6.2-4	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-rhel8-operator:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-ossmc-rhel8:1.89.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.89.4-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8-operator:1.89.6-1	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 9
openshift-service-mesh/proxyv2-rhel9:2.6.2-7	cpe:/a:redhat:service_mesh:2.6::el9	RHSA-2024:7726	2024-10-07T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-48211	libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Ubuntu USN	USN-6944-1	curl vulnerability
Ubuntu USN	USN-6944-2	curl vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/07/31/1
https://curl.se/docs/CVE-2024-7264.html
https://curl.se/docs/CVE-2024-7264.json
https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519
https://hackerone.com/reports/2629968
https://nvd.nist.gov/vuln/detail/CVE-2024-7264
https://security.netapp.com/advisory/ntap-20240828-0008/
https://security.netapp.com/advisory/ntap-20241025-0006/
https://security.netapp.com/advisory/ntap-20241025-0010/
https://www.cve.org/CVERecord?id=CVE-2024-7264
https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL

History

Mon, 03 Nov 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20241025-0006/ https://security.netapp.com/advisory/ntap-20241025-0010/

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.02574}`	epss `{'score': 0.02605}`

Thu, 20 Feb 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Wed, 19 Feb 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat enterprise Linux

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519 https://security.netapp.com/advisory/ntap-20240828-0008/

Wed, 30 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
References	https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519 https://security.netapp.com/advisory/ntap-20240828-0008/
Metrics	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}`

Wed, 16 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
References		https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL

Tue, 08 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat service Mesh
CPEs		cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9
Vendors & Products		Redhat Redhat service Mesh

Wed, 28 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240828-0008/

Mon, 12 Aug 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Haxx Haxx libcurl
CPEs		cpe:2.3:a:haxx:libcurl::::::::
Vendors & Products		Haxx Haxx libcurl
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Wed, 07 Aug 2024 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
References		https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.cve.org/CVERecord?id=CVE-2024-7264
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H'}` threat_severity `Low`

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2024-07-31T08:08:14.585Z

Updated: 2025-11-03T22:32:51.400Z

Reserved: 2024-07-30T08:04:22.389Z

Link: CVE-2024-7264

Vulnrichment

Updated: 2024-08-28T15:02:52.325Z

NVD

Status : Modified

Published: 2024-07-31T08:15:02.657

Modified: 2025-11-03T23:17:31.647

Link: CVE-2024-7264

Redhat

Severity : Low

Publid Date: 2024-07-31T00:00:00Z

Links: CVE-2024-7264 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object