CVE-2024-6197

EUVD-2024-47336
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer.  Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags.  The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
haxxlibcurl
8.6.0 ≤
𝑥
< 8.9.0
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1809 (x64, x86)
KB5044277
21H2 (arm64, x64, x86)
KB5044273
22H2 (arm64, x64, x86)
KB5044273
Windows 11
21H2 (arm64, x64)
KB5044280
22H2 (arm64, x64)
KB5044285
23H2 (arm64, x64)
KB5044285
24H2 (arm64, x64)
KB5044284
Windows Server 2019
Server Core
KB5044277
Standard
KB5044277
Windows Server 2022
23H2 Server Core
KB5044288
Server Core
KB5044281
Standard
KB5044281
Debian logo
Debian Releases
Debian Product
Codename
curl
bookworm
7.88.1-10+deb12u14
not-affected
bookworm (security)
7.88.1-10+deb12u5
fixed
bullseye
7.74.0-1.3+deb11u13
not-affected
bullseye (security)
7.74.0-1.3+deb11u15
fixed
forky
8.18.0~rc2-1
fixed
sid
8.18.0~rc3-1
fixed
trixie
8.14.1-2+deb13u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
curl
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
oracular
Fixed 8.9.1-2ubuntu1
released
trusty
not-affected
xenial
not-affected
References
http://www.openwall.com/lists/oss-security/2024/07/24/1
http://www.openwall.com/lists/oss-security/2024/07/24/5
https://curl.se/docs/CVE-2024-6197.html
https://curl.se/docs/CVE-2024-6197.json
https://hackerone.com/reports/2559516
http://www.openwall.com/lists/oss-security/2024/07/24/1
http://www.openwall.com/lists/oss-security/2024/07/24/5
https://curl.se/docs/CVE-2024-6197.html
https://curl.se/docs/CVE-2024-6197.json
https://hackerone.com/reports/2559516
https://security.netapp.com/advisory/ntap-20241129-0008/