CVE-2024-7264

2024-07-3108:15:02

Debian Security Bug Tracker

security-tracker.debian.org

libcurl

asn1 parser

gtime2str

heap buffer overflow

crash

curlinfo_certinfo

cve-2024-7264

unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

23.6%

JSON

libcurl’s ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.

OSVersionArchitecturePackageVersionFilename
Debian12allcurl< 7.88.1-10+deb12u7curl_7.88.1-10+deb12u7_all.deb
Debian11allcurl< 7.74.0-1.3+deb11u13curl_7.74.0-1.3+deb11u13_all.deb
Debian999allcurl< 8.9.1-1curl_8.9.1-1_all.deb
Debian13allcurl< 8.9.1-1curl_8.9.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	curl	< 7.88.1-10+deb12u7	curl_7.88.1-10+deb12u7_all.deb
Debian	11	all	curl	< 7.74.0-1.3+deb11u13	curl_7.74.0-1.3+deb11u13_all.deb
Debian	999	all	curl	< 8.9.1-1	curl_8.9.1-1_all.deb
Debian	13	all	curl	< 8.9.1-1	curl_8.9.1-1_all.deb