Haxx libcurl 8.9.0

CPE Details

Haxx libcurl 8.9.0
8.9.0
2024-07-26
12h56 +00:00
2024-07-26
12h56 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:haxx:libcurl:8.9.0:*:*:*:*:*:*:*

Informations

Vendor

haxx

Product

libcurl

Version

8.9.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-7264 2024-07-31 08h08 +00:00 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
6.5
Medium