Vulnerability

CVE-2024-7264

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-7264

Description:
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Last updated date:
10/30/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
08/12/2024
Reference URL to background:

https://hackerone.com/reports/2629968
