5 matches found
Azure Linux 3.0 Security Update: cmake / curl (CVE-2024-6874)
The version of cmake / curl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6874 advisory. - libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a...
The vulnerability of the curl_url_get() function in the command-line utility cURL allows a attacker to cause a service failure.
The vulnerability of the curlurlget function in the command-line utility cURL is related to the release of previously unallocated memory due to the use of the Punycode method for converting IDN domains. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
SUSE CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
AZL-49664 CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
PT-2024-5390 · Curl +2 · Curl +2
Name of the Vulnerable Software and Affected Versions: cURL affected versions not specified Description: The issue is related to the curl url get function in the cURL utility, which is used for Punycode conversions of IDN domains. When a name exactly 256 bytes is converted, it can cause the...