curl: CVE-2024-7264: ASN.1 date parser overread

🗓️ 30 Jul 2024 05:16:36Reported by dubekType

hackerone

hackerone🔗 hackerone.com👁 70 Views

ASN.1 date parser overread in Curl_extract_certinf

Reporter	Title	Published	Views	Family All 234
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities	26 Mar 202504:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.	26 May 202606:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	11 Sep 202408:43	–	ibm
IBM Security Bulletins	Security Bulletin: vulnerability in libcURL affects IBM Workload Automation.	10 Jan 202513:42	–	ibm
IBM Security Bulletins	Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl	4 Dec 202422:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module affected by multiple vulnerabilities	13 Nov 202417:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	12 Dec 202402:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.	4 Mar 202514:25	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability found in packages shipped with IBM CICS TX Advanced	25 Oct 202414:40	–	ibm
Tenable Nessus	Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1603)	30 Apr 202600:00	–	nessus

01 Aug 2024 22:05Current

6Medium risk

Vulners AI Score6

CVSS 3.16.3 - 6.5

EPSS0.00796

SSVC

cve-2024-7264 stack read overflow heap read overflow gtime2str function curl_dyn_addf function asn.1 date parser addresssanitizer error