Bug 937125 (CVE-2024-7264) - <net-misc/curl-8.9.1: ASN.1 date parser overread
Summary: <net-misc/curl-8.9.1: ASN.1 date parser overread
Status: CONFIRMED
Alias: CVE-2024-7264
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://curl.se/docs/CVE-2024-7264.html
Whiteboard: A3 [glsa? cleanup]
Keywords:
Depends on: 939552
Blocks:
Reported: 2024-08-02 13:36 UTC by Christopher Fore
Modified: 2024-11-10 08:54 UTC

See Also:
Package list:
Runtime testing required: ---


Description Christopher Fore 2024-08-02 13:36:02 UTC
CVE-2024-7264:

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given a syntactically incorrect field, the
parser might end up using -1 for the length of the *time fraction*, leading to
a `strlen()` getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents
getting returned to the application when CURLINFO_CERTINFO is used.


Affected versions: curl 7.32.0 to and including 8.9.0
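
The following is an added example, not part of the bug report and not curl's code: a bounds-checked way to measure and copy the fractional seconds of a GeneralizedTime value that sits in an unterminated buffer. The function names are hypothetical, and the malformed case modeled (a fraction separator with no digits after it) is an assumption chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helpers, not curl's code. [beg, end) holds the raw
 * GeneralizedTime bytes and is NOT NUL-terminated. */

/* Find the fraction digits. Returns 0 on success (*fracl may be 0 when
 * no fraction is present), -1 when the field is malformed. */
int gtime_fraction(const char *beg, const char *end,
                   const char **frac, size_t *fracl)
{
  const char *p = beg;
  const char *q;

  *frac = NULL;
  *fracl = 0;
  while(p < end && isdigit((unsigned char)*p))
    p++;                          /* YYYYMMDDHH[MM[SS]] */
  if(p - beg != 10 && p - beg != 12 && p - beg != 14)
    return -1;
  if(p == end || (*p != '.' && *p != ','))
    return 0;                     /* no fraction separator */
  p++;                            /* step past the separator */
  for(q = p; q < end && isdigit((unsigned char)*q); q++)
    ;
  if(q == p)                      /* separator but no digits (assumed */
    return -1;                    /* malformed case): reject, no length */
  *frac = p;
  *fracl = (size_t)(q - p);       /* q > p here, so never negative */
  return 0;
}

/* Copy the fraction into out using only the measured length; never
 * strlen() or an unbounded "%s" on the unterminated source. */
int gtime_fraction_str(const char *beg, size_t len, char *out, size_t outsz)
{
  const char *frac;
  size_t fracl;

  if(!beg || !out || gtime_fraction(beg, beg + len, &frac, &fracl))
    return -1;
  if(fracl >= outsz)
    return -1;                    /* would not fit with the terminator */
  if(fracl)
    memcpy(out, frac, fracl);
  out[fracl] = '\0';
  return (int)fracl;
}
```
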