81 matches found
Curl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)
The version of Curl installed on the remote host is between 7.32.0 and prior to 8.9.1. It is, therefore, affected by a denial of service DoS vulnerability. libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect...
libcurl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)
The version of libcurl installed on the remote host is between 7.32.0 and prior to 8.9.1. It is, therefore, affected by a denial of service DoS vulnerability. libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorre...
The vulnerability of the GTime2str function in the ASN1 Parser library of the libcurl library allows a attacker to trigger an octath in the service.
The vulnerability of the GTime2str function in the ASN1 Parser library of the libcurl library is related to reading beyond the memory boundaries. Exploiting this vulnerability could allow a malicious actor to trigger an octath in the service...
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264 ASN.1 date parser overread
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264
CVE-2024-7264 affects libcurl’s ASN.1 parser (GTime2str): if parsing a syntactically incorrect Generalized Time field, the code may set the time fraction length to -1, causing strlen() to operate on a non-null-terminated heap buffer. This can cause a crash and potentially leak heap contents to th...
SUSE CVE-2024-6197
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
PT-2024-5298 · Libcurl +11 · Libcurl +11
Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to the GTime2str function in libcurl's ASN1 parser code, which is used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser...
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-6197
A vulnerability was found in cURL's utf8asn1str function in the ASN1 parser, which causes a denial of service due to a memory allocation flaw. This flaw allows a remote attacker to use a specially crafted TLS certificate, causing the function to invoke free on a 4-byte local stack buffer. While...
AZL-47028 CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
DEBIAN-CVE-2024-6197
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6197
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
AZL-47049 CVE-2024-6197 affecting package curl for versions less than 8.8.0-2
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6197 freeing stack buffer in utf8asn1str
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6197 freeing stack buffer in utf8asn1str
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6197
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
PT-2024-5389 · Libcurl +5 · Libcurl +5
Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to libcurl's ASN1 parser, specifically the utf8asn1str function used for parsing an ASN.1 UTF-8 string. When an invalid field is detected, the function returns an error...
SUSE CVE-2009-2185
The ASN.1 parser pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1parser.c in a strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and b openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service pluto IKE daemon crash...