Bug 937125 (CVE-2024-7264)

Summary: <net-misc/curl-8.9.1: ASN.1 date parser overread
Product: Gentoo Security
Reporter: Christopher Fore <csfore>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: normal
CC: base-system, kangie
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://curl.se/docs/CVE-2024-7264.html
Whiteboard: A3 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 939552    
Bug Blocks:    

Description Christopher Fore 2024-08-02 13:36:02 UTC
CVE-2024-7264:

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given a syntactically incorrect field, the
parser might end up using -1 for the length of the *time fraction*, leading to
a `strlen()` getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents
getting returned to the application when CURLINFO_CERTINFO is used.


Affected versions: curl 7.32.0 to and including 8.9.0
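
The failure mode described above, as an added example that is not part of the bug report and is not libcurl's source: a constructed model of a fractional-seconds length computation that wraps to -1 on an empty fraction, beside a bounded version that rejects it. The names `frac_len_naive`, `frac_checked`, `BAD` and `GOOD` are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the flaw class, not libcurl source. Input lives in
   [beg, end) and is NOT NUL-terminated. Samples below are constructed. */
static const char BAD[] = "20240802133602.Z";     /* empty fraction */
static const char GOOD[] = "20240802133602.250Z"; /* three digits */

/* Naive: assumes a digit follows the separator. With none, tzp == fracp
   and the "- 1" gives -1, i.e. SIZE_MAX. Nothing is read with it here. */
size_t frac_len_naive(const char *beg, const char *end)
{
  const char *fracp = beg, *tzp;
  while(fracp < end && isdigit((unsigned char)*fracp))
    fracp++;                       /* skip YYYYMMDDHHMMSS */
  if(fracp >= end || (*fracp != '.' && *fracp != ','))
    return 0;
  tzp = fracp++;                   /* tzp on separator, fracp after it */
  do tzp++; while(tzp < end && isdigit((unsigned char)*tzp));
  return (size_t)(tzp - fracp - 1);
}

/* Hardened: reads bounded by end, empty fraction rejected, result is a
   (pointer, length) pair so callers never need strlen(). 0 ok, -1 bad. */
int frac_checked(const char *beg, const char *end,
                 const char **frac, size_t *len)
{
  const char *p = beg, *q;
  *frac = NULL; *len = 0;
  while(p < end && isdigit((unsigned char)*p))
    p++;
  if(p >= end || (*p != '.' && *p != ','))
    return 0;                      /* no fractional part: valid */
  for(q = ++p; q < end && isdigit((unsigned char)*q); q++) ;
  if(q == p)
    return -1;                     /* separator but no digits */
  *frac = p;
  *len = (size_t)(q - p);
  return 0;
}

int main(void)
{
  const char *f; size_t n;
  int rc = frac_checked(GOOD, GOOD + sizeof(GOOD) - 1, &f, &n);
  printf("naive(BAD) length = %zu\n", frac_len_naive(BAD, BAD + sizeof(BAD) - 1));
  printf("checked(GOOD) rc = %d, length = %zu\n", rc, n);
  return 0;
}
```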