CVE-2024-7264

moderate-risk

Published 2024-07-31

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

Do I need to act?

0.88% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Libcurl

Affected Vendors

Haxx

References (9)

Mailing List http://www.openwall.com/lists/oss-security/2024/07/31/1

Vendor Advisory https://curl.se/docs/CVE-2024-7264.html

Vendor Advisory https://curl.se/docs/CVE-2024-7264.json

Exploit https://hackerone.com/reports/2629968

Mailing List http://www.openwall.com/lists/oss-security/2024/07/31/1

https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519

https://security.netapp.com/advisory/ntap-20240828-0008/

https://security.netapp.com/advisory/ntap-20241025-0006/

https://security.netapp.com/advisory/ntap-20241025-0010/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal