Haxx libcurl 8.7.1

CPE Details

Haxx libcurl 8.7.1
8.7.1
2024-07-26
12h56 +00:00
2024-07-26
12h56 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:haxx:libcurl:8.7.1:*:*:*:*:*:*:*

Informations

Vendor

haxx

Product

libcurl

Version

8.7.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-7264 2024-07-31 08h08 +00:00 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
6.5
Medium
CVE-2024-6197 2024-07-24 07h29 +00:00 libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
7.5
High