13 matches found
Siemens SCALANCE and RUGGEDCOM Buffer Over-read (CVE-2024-6874)
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
Azure Linux 3.0 Security Update: cmake / curl (CVE-2024-6874)
The version of cmake / curl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6874 advisory. - libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a...
Astra Linux - уязвимость в curl
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
JLSEC-2025-37 libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers puny...
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
Out-of-Bounds Read
libcurl.so is vulnerable to an Out-of-Bounds Read. The vulnerability is due to a flaw in the URL API function curlurlget when using the macidn IDN backend. It arises from the function filling the provided buffer exactly without null-terminating the string. Attackers can exploit this to read stack...
SUSE CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
AZL-47046 CVE-2024-6874 affecting package curl for versions less than 8.8.0-1
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
ALPINE-CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CURL-CVE-2024-6874 macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874 macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874 macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
curl: CVE-2024-6874: macidn punycode buffer overread
The libcurl at commit 58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c contained a stack-buffer overread in the function macidntoascii that could be triggered when the host of a URL was converted to punycode. The root cause was in the function uidnanameToASCIIUTF8, which left the output buffer unterminat...