
17 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-47336

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.2, EPSS 0.01302
Exploits 1, References 5
SUSE Linux
added 2025/02/03 8:51 a.m., 1 view

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2024-7264: ASN.1 date parser overread bsc1228535 CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 CVE-2024-2466: TLS certificate check bypa...

CVSS 7.5, AI score 7.6, EPSS 0.02015
Exploits 6, References 24
Redos
added 2024/08/12 12:0 a.m., 307 views

ROS-20240812-14

Vulnerability of the utf8asn1str function of the ASN1 parser of the cURL command line utility is related to the release of previously unallocated memory when processing the ASN1 UTF-8 string. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.01302
Exploits 1
Redos
added 2024/08/12 12:0 a.m., 1 view

ROS-20240812-34

A vulnerability in the utf8asn1str function of the ASN1 parser of the cURL command line utility is related to the release of previously unallocated memory when processing the ASN1 UTF-8 string. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5, AI score 7, EPSS 0.01302
Exploits 1
OSV
added 2024/08/06 12:58 p.m., 19 views

SUSE-SU-2024:2784-1 Security update for curl

This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str bsc1227888...

CVSS 7.5, AI score 6.9, EPSS 0.01302
Exploits 2, References 5
Veracode
added 2024/07/30 8:52 a.m., 24 views

Stack-based Buffer Overflow

libcurl.so is vulnerable to a Stack-based Buffer Overflow. The vulnerability is due to improper handling of memory in the utf8asn1str function, which invokes free function on a 4-byte local stack buffer when detecting an invalid field. Attackers can exploit this flaw to overwrite nearby stack...

CVSS 7.5, AI score 6.5, EPSS 0.01302
Exploits 1, References 7, Affected Software 2
OSV
added 2024/07/24 8:15 a.m., 1 view

AZL-47028 CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5, AI score 6.8, EPSS 0.01302
Exploits 1, References 1
OSV
added 2024/07/24 8:15 a.m., 1 view

AZL-47049 CVE-2024-6197 affecting package curl for versions less than 8.8.0-2

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5, AI score 6.8, EPSS 0.01302
Exploits 1, References 1
NVD
added 2024/07/24 8:15 a.m., 27 views

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5, EPSS 0.01302
Exploits 1, References 6
OSV
added 2024/07/24 8:0 a.m., 23 views

CURL-CVE-2024-6197 freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5, AI score 7.2, EPSS 0.01302
Exploits 1
Debian CVE
added 2024/07/24 7:29 a.m., 36 views

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5, AI score 7.8, EPSS 0.01302
Exploits 1
CVE
added 2024/07/24 7:29 a.m., 164 views

CVE-2024-6197

CVE-2024-6197 affects libcurl’s ASN.1 parser (utf8asn1str) where freeing a 4-byte local stack buffer on error can corrupt nearby stack memory depending on the malloc implementation; outcome most often is a crash, with remote exploitation not detailed in the provided documents. Connected sources c...

CVSS 7.5, AI score 6.4, EPSS 0.01302
Exploits 1, References 6, Affected Software 1
Vulnrichment
added 2024/07/24 7:29 a.m., 25 views

CVE-2024-6197 freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

AI score 6.3, EPSS 0.01302
Exploits 1, References 5
Cvelist
added 2024/07/24 7:29 a.m., 16 views

CVE-2024-6197 freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

EPSS 0.01302
Exploits 1, References 5
AlpineLinux
added 2024/07/24 7:29 a.m., 23 views

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5, AI score 7.2, EPSS 0.01302
Exploits 1
UbuntuCve
added 2024/07/24 12:0 a.m., 22 views

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5, AI score 6.9, EPSS 0.01302
Exploits 1, References 2
Hacker One
added 2024/06/18 11:0 p.m., 42 views

curl: CVE-2024-6197: freeing stack buffer in utf8asn1str

The libcurl library at commit 04739054cdac5a0614fb94e3655e313c03399f35 contained an invalid invocation of the free function in the utf8asn1str function. The buffer being freed was located on the stack, which posed a security risk as the freed address could have been later returned by malloc calls...

CVSS 7.5, AI score 7.6, EPSS 0.01302
Exploits 1