Security Advisories

CVE-2024-7264

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-7264

CGA ID

CGA-962m-89hc-rmjq

Severity

6.5

Medium

CVSS V3

Description

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.
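The defensive pattern for this bug class, as an added example that is not libcurl's code or its fix: a length-delimited parser that locates the fractional seconds of a Generalized Time value with unsigned counts and explicit bounds, rejects a separator that has no digits after it, and never calls strlen() on the input. The function names `gtime_fraction` and `frac_len_of` and the sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

static int is_digit(char c) { return c >= '0' && c <= '9'; }
/* Find the fractional-seconds digits of a GeneralizedTime value held in a
 * length-delimited buffer that is NOT NUL-terminated. Returns 0 and sets
 * *frac / *fraclen (0 when there is no fraction), or -1 if malformed. */
static int gtime_fraction(const char *beg, size_t len,
                          const char **frac, size_t *fraclen)
{
  const char *end = beg + len, *p = beg, *f;
  size_t n;
  while(p < end && is_digit(*p))          /* YYYYMMDDHH[MM[SS]] */
    p++;
  n = (size_t)(p - beg);
  if(n != 10 && n != 12 && n != 14)
    return -1;
  *frac = p;
  *fraclen = 0;
  if(p < end && (*p == '.' || *p == ',')) {
    f = ++p;
    while(p < end && is_digit(*p))
      p++;
    if(p == f)
      return -1;  /* separator without digits: reject, never compute len-1 */
    for(n = (size_t)(p - f); n && f[n - 1] == '0'; n--)
      ;           /* strip trailing zeros; unsigned count stops at 0 */
    *frac = f;
    *fraclen = n;
  }
  if(p < end && *p != 'Z' && *p != '+' && *p != '-')
    return -1;    /* only a time-zone suffix may follow */
  return 0;
}

/* Convenience wrapper: fraction length, or -1 for a rejected field. */
long frac_len_of(const char *buf, size_t len)
{
  const char *frac;
  size_t n;
  return gtime_fraction(buf, len, &frac, &n) ? -1L : (long)n;
}

int main(void)
{
  const char ok[] = "20240731120000.2500Z", bad[] = "20240731120000.Z";
  printf("%ld %ld\n", frac_len_of(ok, sizeof(ok) - 1), frac_len_of(bad, sizeof(bad) - 1));
  return 0;
}
```

Every read is bounded by the caller-supplied length, so a field truncated right after the separator is rejected instead of being scanned past the end of the buffer.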

References

Affected packages


© 2024 Chainguard. All Rights Reserved.