CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str() function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the time fraction , leading toa strlen() getting performed on a pointer to a heap buffer area that i...

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free() on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...