17 matches found
Siemens SCALANCE and RUGGEDCOM Buffer Over-read (CVE-2024-6874)
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
SUSE: Security Advisory (SUSE-SU-2025:03198-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for curl
This update for curl fixes the following issues: Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: CVE-2025-0665: eventfd double close can cause libcurl to act unreliably bsc1236589. CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks...
CVE-2024-6874 affecting package curl for versions less than 8.8.0-1
CVE-2024-6874 affecting package curl for versions less than 8.8.0-1. A patched version of the package is available...
CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2
CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2. A patched version of the package is available...
Tenable Security Center Multiple Vulnerabilities (TNS-2024-13)
According to its self-reported version, the Tenable Security Center running on the remote host is 6.2.1, 6.3.0 or 6.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-13 advisory. - Security Center leverages third-party software to help provide underlying...
CVE-2024-6874 affecting package curl for versions less than 8.8.0-1
CVE-2024-6874 affecting package curl for versions less than 8.8.0-1. A patched version of the package is available...
CVE-2024-6874
A buffer overread vulnerability was found in Curl's URL API function curlurlget. This issue allows a remote attacker to obtain sensitive information due to a punycode buffer overread flaw. By sending a specially crafted request, an attacker can gain sensitive information and potentially launch...
CVE-2024-6874
creationtimestamp| type| source ---|---|--- 2024-07-24 10:47:44+00:00| seen| https://t.me/cvedetector/1548 2026-02-12 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-06 2026-05-11 12:23:09+00:00| seen|...
AZL-49664 CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
AZL-47020 CVE-2024-6874 affecting package curl for versions less than 8.8.0-1
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874 macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874 macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874 macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
curl: CVE-2024-6874: macidn punycode buffer overread
The libcurl at commit 58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c contained a stack-buffer overread in the function macidntoascii that could be triggered when the host of a URL was converted to punycode. The root cause was in the function uidnanameToASCIIUTF8, which left the output buffer unterminat...