CVE-2024-7264
MEDIUM | Platform: watchOS | Changelog
CVE Details
Description
libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.
This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.
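An added example, not curl's code or its fix: a bounds-checked locator for the fraction digits of a Generalized Time field that rejects a separator followed by no digit, so no negative fraction length can reach later code. The function names and sample values are constructed for illustration.

```c
#include <stddef.h>

/* Added illustration, not curl's code. Names and samples are constructed.
 * Finds the fractional-seconds digits of a Generalized Time value in
 * [beg, end). The field is length-delimited, not NUL-terminated, so every
 * read is bounded by `end`. Returns 0 on success, -1 if malformed. */
static int gtime_fraction(const char *beg, const char *end,
                          const char **frac, size_t *fraclen)
{
  const char *p = beg;
  const char *digits;

  *frac = NULL;
  *fraclen = 0;
  while(p < end && *p >= '0' && *p <= '9')  /* date and time digits */
    p++;
  if(p - beg < 10)                          /* need at least YYYYMMDDHH */
    return -1;
  if(p == end || (*p != '.' && *p != ','))  /* no fraction: valid */
    return 0;
  digits = ++p;
  while(p < end && *p >= '0' && *p <= '9')
    p++;
  if(p == digits)     /* separator with no digit after it: reject */
    return -1;
  *frac = digits;
  *fraclen = (size_t)(p - digits);  /* unsigned, taken from a non-empty run */
  return 0;
}

/* Convenience wrapper: fraction length, or -1 for a malformed field. */
static long gtime_fraction_len(const char *buf, size_t n)
{
  const char *frac;
  size_t len;
  if(gtime_fraction(buf, buf + n, &frac, &len) != 0)
    return -1;
  return (long)len;
}

/* Constructed samples; callers pass sizeof - 1 so the NUL is never read. */
static const char SAMPLE_FRAC[]   = "20240731120000.125Z";
static const char SAMPLE_NOFRAC[] = "20240731120000Z";
static const char SAMPLE_BAD[]    = "20240731120000.Z";

int main(void)
{
  return gtime_fraction_len(SAMPLE_BAD, sizeof(SAMPLE_BAD) - 1) == -1 ? 0 : 1;
}
```

The caller copies exactly `fraclen` bytes from `frac` instead of measuring the string, which is what keeps a malformed field from turning into an unbounded read.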
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 6.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://www.openwall.com/lists/oss-security/2024/07/31/1 (Mailing List)
- https://curl.se/docs/CVE-2024-7264.html (Vendor Advisory)
- https://curl.se/docs/CVE-2024-7264.json (Vendor Advisory)
- https://hackerone.com/reports/2629968 (Exploit, Issue Tracking, Permissions Required, Third Party Advisory)
- https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519
- https://security.netapp.com/advisory/ntap-20240828-0008/
- https://security.netapp.com/advisory/ntap-20241025-0006/