36 matches found
ROS-20240816-22
Vulnerability in the ASN1 Parser function GTime2str of the libcurl library is related to reading outside of memory boundaries memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause an octasis in the maintenance...
SUSE-SU-2024:2938-1 Security update for curl
This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str bsc1228535...
SUSE-SU-2024:2930-1 Security update for curl
This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str bsc1228535...
Curl 7.32.0 < 8.9.1 DoS (CVE-2024-7264)
The version of Curl installed on the remote host is between 7.32.0 and prior to 8.9.1. It is, therefore, affected by a denial of service DoS vulnerability. libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect...
Heap Buffer Over-Read
libcurl.so is vulnerable to a Heap Buffer Over-Read. The vulnerability is due to improper handling of invalid ASN.1 Generalized Time fields in the GTime2str function via lib/x509asn1.c. which allows an attacker to disclose sensitive information by exposing heap contents through the CURLINFOCERTIN...
The vulnerability of the GTime2str function in the ASN1 Parser library of the libcurl library allows a attacker to trigger an octath in the service.
The vulnerability of the GTime2str function in the ASN1 Parser library of the libcurl library is related to reading beyond the memory boundaries. Exploiting this vulnerability could allow a malicious actor to trigger an octath in the service...
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
AZL-47253 CVE-2024-7264 affecting package rust for versions less than 1.68.0-1
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264
CVE-2024-7264 affects libcurl’s ASN.1 parser (GTime2str): if parsing a syntactically incorrect Generalized Time field, the code may set the time fraction length to -1, causing strlen() to operate on a non-null-terminated heap buffer. This can cause a crash and potentially leak heap contents to th...
CVE-2024-7264 ASN.1 date parser overread
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264 ASN.1 date parser overread
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CURL-CVE-2024-7264 ASN.1 date parser overread
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
curl: CVE-2024-7264: ASN.1 date parser overread
Vulnerability description not provided...