ROS-20240812-14

Vulnerability of the utf8asn1str function of the ASN1 parser of the cURL command line utility is related to the release of previously unallocated memory when processing the ASN1 UTF-8 string. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...