Internet Bug Bounty: libcurl: freeing stack buffer during x509 certificate parsing

🗓️ 24 Jul 2024 07:11:10Reported by z2_Type

hackerone

hackerone🔗 hackerone.com👁 43 Views

Internet Bug Bounty: libcurl x509 certificate parsing vulnerabilit

Reporter	Title	Published	Views	Family All 94
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	11 Sep 202408:43	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to stack overwrite due to the libcurl package (CVE-2024-6197)	2 Sep 202514:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.	15 Apr 202502:56	–	ibm
IBM Security Bulletins	Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl	4 Dec 202422:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect Backup-Archive Client	18 Oct 202412:50	–	ibm
AlpineLinux	CVE-2024-6197	24 Jul 202407:29	–	alpinelinux
CBLMariner	CVE-2024-6197 affecting package curl for versions less than 8.8.0-2	15 Oct 202418:24	–	cbl_mariner
CBLMariner	CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2	1 Oct 202418:58	–	cbl_mariner
CBLMariner	CVE-2024-6197 affecting package curl for versions less than 8.8.0-2	12 Sep 202423:01	–	cbl_mariner
Circl	CVE-2024-6197	24 Jul 202410:47	–	circl

23 Aug 2024 20:31Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5

EPSS0.01302

SSVC

libcurl x509 certificate parsing vulnerability stack buffer tls malicious server crash memory corruptions