Lucene search
K

81 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.53 views

Curl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)

The version of Curl installed on the remote host is between 7.32.0 and prior to 8.9.1. It is, therefore, affected by a denial of service DoS vulnerability. libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect...

6.5CVSS7.2AI score0.16212EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.467 views

libcurl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)

The version of libcurl installed on the remote host is between 7.32.0 and prior to 8.9.1. It is, therefore, affected by a denial of service DoS vulnerability. libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorre...

6.5CVSS7.2AI score0.16212EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/08/01 12:0 a.m.5 views

The vulnerability of the GTime2str function in the ASN1 Parser library of the libcurl library allows a attacker to trigger an octath in the service.

The vulnerability of the GTime2str function in the ASN1 Parser library of the libcurl library is related to reading beyond the memory boundaries. Exploiting this vulnerability could allow a malicious actor to trigger an octath in the service...

4.8CVSS6.6AI score0.16212EPSS
Exploits1References13Affected Software5
NVD
NVD
added 2024/07/31 8:15 a.m.23 views

CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

6.5CVSS0.16212EPSS
Exploits1References8
OSV
OSV
added 2024/07/31 8:8 a.m.21 views

CVE-2024-7264 ASN.1 date parser overread

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

6.3CVSS6.8AI score0.16212EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2024/07/31 8:8 a.m.26 views

CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

6.5CVSS6.7AI score0.16212EPSS
Exploits1
CVE
CVE
added 2024/07/31 8:8 a.m.693 views

CVE-2024-7264

CVE-2024-7264 affects libcurl’s ASN.1 parser (GTime2str): if parsing a syntactically incorrect Generalized Time field, the code may set the time fraction length to -1, causing strlen() to operate on a non-null-terminated heap buffer. This can cause a crash and potentially leak heap contents to th...

6.5CVSS7.3AI score0.16212EPSS
Exploits1References8Affected Software1
SUSE CVE
SUSE CVE
added 2024/07/31 2:4 a.m.4 views

SUSE CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS8.9AI score0.04296EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.5 views

PT-2024-5298 · Libcurl +11 · Libcurl +11

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to the GTime2str function in libcurl's ASN1 parser code, which is used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser...

9.1CVSS7.2AI score0.36081EPSS
Exploits9References402
UbuntuCve
UbuntuCve
added 2024/07/31 12:0 a.m.349 views

CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

6.5CVSS6.9AI score0.16212EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/07/25 6:8 a.m.36 views

CVE-2024-6197

A vulnerability was found in cURL's utf8asn1str function in the ASN1 parser, which causes a denial of service due to a memory allocation flaw. This flaw allows a remote attacker to use a specially crafted TLS certificate, causing the function to invoke free on a 4-byte local stack buffer. While...

6.5CVSS7.1AI score0.04296EPSS
Exploits1References6
OSV
OSV
added 2024/07/24 8:15 a.m.6 views

AZL-47028 CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS6.8AI score0.04296EPSS
Exploits1References1
OSV
OSV
added 2024/07/24 8:15 a.m.1 views

DEBIAN-CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS7.8AI score0.04296EPSS
Exploits1References1
NVD
NVD
added 2024/07/24 8:15 a.m.33 views

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS0.04296EPSS
Exploits1References6
OSV
OSV
added 2024/07/24 8:15 a.m.6 views

AZL-47049 CVE-2024-6197 affecting package curl for versions less than 8.8.0-2

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS6.8AI score0.04296EPSS
Exploits1References1
OSV
OSV
added 2024/07/24 7:29 a.m.20 views

CVE-2024-6197 freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS7AI score0.04296EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/07/24 7:29 a.m.23 views

CVE-2024-6197 freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

0.04296EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2024/07/24 7:29 a.m.37 views

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5CVSS7.8AI score0.04296EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/06/19 12:0 a.m.4 views

PT-2024-5389 · Libcurl +5 · Libcurl +5

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to libcurl's ASN1 parser, specifically the utf8asn1str function used for parsing an ASN.1 UTF-8 string. When an invalid field is detected, the function returns an error...

8.6CVSS6.2AI score0.36081EPSS
Exploits8References81
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.2 views

SUSE CVE-2009-2185

The ASN.1 parser pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1parser.c in a strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and b openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service pluto IKE daemon crash...

5CVSS6.9AI score0.02372EPSS
Exploits0References6
Rows per page
Query Builder