Lucene search
Ubuntu.comUB:CVE-2024-6874HistoryJul 24, 2024 - 12:00 a.m.
CVE-2024-6874
2024-07-2400:00:00
ubuntu.com
ubuntu.com
3
libcurl
url api
stack buffer overflow
punycode
idn
macidn
conversion
buffer
stack contents
cve-2024-6874
libcurl’s URL API function
curl_url_get() offers
punycode
conversions, to and from IDN. Asking to convert a name that is exactly 256
bytes, libcurl ends up reading outside of a stack based buffer when built
to
use the macidn IDN backend. The conversion function then fills up the
provided buffer exactly - but does not null terminate the string.
This flaw can lead to stack contents accidently getting returned as part of
the converted string.
Notes
| Author | Note |
|---|---|
| Priority reason: Upstream rates this as being low severity | |
| mdeslaur | only affects macos builds |
Related
debiancve
debiancve
CVE-2024-6874
2024-07-24 08:15:03
vulnrichment
vulnrichment
CVE-2024-6874 macidn punycode buffer overread
2024-07-24 07:36:26
cve
cve
CVE-2024-6874
2024-07-24 08:15:03
veracode
veracode
Out-of-Bounds Read
2024-07-30 09:26:03
cvelist
cvelist
CVE-2024-6874 macidn punycode buffer overread
2024-07-24 07:36:26
osv
osv
macidn punycode buffer overread
2024-07-24 08:00:00
CVE-2024-6874
2024-07-24 08:15:03
redhatcve
redhatcve
CVE-2024-6874
2024-07-25 06:41:23
alpinelinux
alpinelinux
CVE-2024-6874
2024-07-24 08:15:03
nvd
nvd
CVE-2024-6874
2024-07-24 08:15:03
hackerone
hackerone
curl: CVE-2024-6874: macidn punycode buffer overread
2024-07-16 02:07:09
ibm
ibm
nessus
nessus
Tenable Security Center Multiple Vulnerabilities (TNS-2024-13)
2024-08-14 00:00:00