Lucene search
+L

14 matches found

nessus
nessus
added 2026/02/10 12:0 a.m.7 views

Siemens SCALANCE and RUGGEDCOM Buffer Over-read (CVE-2024-6874)

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS6.7AI score0.00786EPSS
Exploits1References4
nessus
nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: cmake / curl (CVE-2024-6874)

The version of cmake / curl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6874 advisory. - libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a...

4.3CVSS5.9AI score0.00786EPSS
Exploits1References2
astralinux
astralinux
added 2025/10/31 4:38 p.m.5 views

Astra Linux - уязвимость в curl

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS7.1AI score0.00786EPSS
Exploits1References2
osv
osv
added 2025/10/10 3:4 p.m.5 views

JLSEC-2025-37 libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers puny...

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS7.1AI score0.00786EPSS
Exploits1References9
veracode
veracode
added 2024/07/30 9:26 a.m.24 views

Out-of-Bounds Read

libcurl.so is vulnerable to an Out-of-Bounds Read. The vulnerability is due to a flaw in the URL API function curlurlget when using the macidn IDN backend. It arises from the function filling the provided buffer exactly without null-terminating the string. Attackers can exploit this to read stack...

4.3CVSS6.5AI score0.00786EPSS
Exploits1References6Affected Software2
susecve
susecve
added 2024/07/26 3:25 a.m.4 views

SUSE CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

5.3CVSS9.1AI score0.00786EPSS
Exploits1References4
osv
osv
added 2024/07/24 8:15 a.m.4 views

ALPINE-CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS7.1AI score0.00786EPSS
Exploits1References1
osv
osv
added 2024/07/24 8:15 a.m.8 views

AZL-47046 CVE-2024-6874 affecting package curl for versions less than 8.8.0-1

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS7.3AI score0.00786EPSS
Exploits1References1
osv
osv
added 2024/07/24 8:0 a.m.27 views

CURL-CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS6.9AI score0.00786EPSS
Exploits1
curl
curl
added 2024/07/24 8:0 a.m.10 views

macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS7AI score0.00786EPSS
Exploits1References1Affected Software2
cvelist
cvelist
added 2024/07/24 7:36 a.m.41 views

CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

0.00786EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2024/07/24 7:36 a.m.26 views

CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

6.5AI score0.00786EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2024/07/24 12:0 a.m.31 views

CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS6.9AI score0.00786EPSS
Exploits1References2
hackerone
hackerone
added 2024/07/16 2:7 a.m.62 views

curl: CVE-2024-6874: macidn punycode buffer overread

The libcurl at commit 58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c contained a stack-buffer overread in the function macidntoascii that could be triggered when the host of a URL was converted to punycode. The root cause was in the function uidnanameToASCIIUTF8, which left the output buffer unterminat...

4.3CVSS4.7AI score0.00786EPSS
Exploits1
Rows per page
Query Builder