CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score Confidence: Low
EPSS Percentile: 30.3%

Hello, I would like to report a vulnerability here, initially reported by me to the curl project.
HackerOne Report: https://hackerone.com/reports/2559516
CVE: CVE-2024-6197
Advisory: https://curl.se/docs/CVE-2024-6197.html
Severity: Medium
By serving a specifically crafted TLS certificate, a malicious server can trigger a free()
of a buffer located on the stack.
This can lead to a crash or to further memory corruptions.