CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str() function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the time fraction , leading toa strlen() getting performed on a pointer to a heap buffer area that i...

CVE-2024-6874

libcurl's URL API functioncurl_url_get() offers punycodeconversions, to and from IDN. Asking to convert a name that is exactly 256bytes, libcurl ends up reading outside of a stack based buffer when built touse the macidn IDN backend. The conversion function then fills up theprovided buffer exactly ...

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free() on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...