CVE-2024-7264

EUVD-2024-48211

31.07.2024, 08:15

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length of the *time fraction*, leading to
a `strlen()` getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents
getting returned to the application when
[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
curl	CNA	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
haxx	libcurl	7.32.0 ≤ 𝑥 < 8.9.1

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
curl	curl	𝑥 ≤ 8.9.0	CNA
curl	curl	𝑥 ≤ 8.8.0	CNA
curl	curl	𝑥 ≤ 8.7.1	CNA
curl	curl	𝑥 ≤ 8.7.0	CNA
curl	curl	𝑥 ≤ 8.6.0	CNA
curl	curl	𝑥 ≤ 8.5.0	CNA
curl	curl	𝑥 ≤ 8.4.0	CNA
curl	curl	𝑥 ≤ 8.3.0	CNA
curl	curl	𝑥 ≤ 8.2.1	CNA
curl	curl	𝑥 ≤ 8.2.0	CNA
curl	curl	𝑥 ≤ 8.1.2	CNA
curl	curl	𝑥 ≤ 8.1.1	CNA
curl	curl	𝑥 ≤ 8.1.0	CNA
curl	curl	𝑥 ≤ 8.0.1	CNA
curl	curl	𝑥 ≤ 8.0.0	CNA
curl	curl	𝑥 ≤ 7.88.1	CNA
curl	curl	𝑥 ≤ 7.88.0	CNA
curl	curl	𝑥 ≤ 7.87.0	CNA
curl	curl	𝑥 ≤ 7.86.0	CNA
curl	curl	𝑥 ≤ 7.85.0	CNA
curl	curl	𝑥 ≤ 7.84.0	CNA
curl	curl	𝑥 ≤ 7.83.1	CNA
curl	curl	𝑥 ≤ 7.83.0	CNA
curl	curl	𝑥 ≤ 7.82.0	CNA
curl	curl	𝑥 ≤ 7.81.0	CNA
curl	curl	𝑥 ≤ 7.80.0	CNA
curl	curl	𝑥 ≤ 7.79.1	CNA
curl	curl	𝑥 ≤ 7.79.0	CNA
curl	curl	𝑥 ≤ 7.78.0	CNA
curl	curl	𝑥 ≤ 7.77.0	CNA
curl	curl	𝑥 ≤ 7.76.1	CNA
curl	curl	𝑥 ≤ 7.76.0	CNA
curl	curl	𝑥 ≤ 7.75.0	CNA
curl	curl	𝑥 ≤ 7.74.0	CNA
curl	curl	𝑥 ≤ 7.73.0	CNA
curl	curl	𝑥 ≤ 7.72.0	CNA
curl	curl	𝑥 ≤ 7.71.1	CNA
curl	curl	𝑥 ≤ 7.71.0	CNA
curl	curl	𝑥 ≤ 7.70.0	CNA
curl	curl	𝑥 ≤ 7.69.1	CNA
curl	curl	𝑥 ≤ 7.69.0	CNA
curl	curl	𝑥 ≤ 7.68.0	CNA
curl	curl	𝑥 ≤ 7.67.0	CNA
curl	curl	𝑥 ≤ 7.66.0	CNA
curl	curl	𝑥 ≤ 7.65.3	CNA
curl	curl	𝑥 ≤ 7.65.2	CNA
curl	curl	𝑥 ≤ 7.65.1	CNA
curl	curl	𝑥 ≤ 7.65.0	CNA
curl	curl	𝑥 ≤ 7.64.1	CNA
curl	curl	𝑥 ≤ 7.64.0	CNA
curl	curl	𝑥 ≤ 7.63.0	CNA
curl	curl	𝑥 ≤ 7.62.0	CNA
curl	curl	𝑥 ≤ 7.61.1	CNA
curl	curl	𝑥 ≤ 7.61.0	CNA
curl	curl	𝑥 ≤ 7.60.0	CNA
curl	curl	𝑥 ≤ 7.59.0	CNA
curl	curl	𝑥 ≤ 7.58.0	CNA
curl	curl	𝑥 ≤ 7.57.0	CNA
curl	curl	𝑥 ≤ 7.56.1	CNA
curl	curl	𝑥 ≤ 7.56.0	CNA
curl	curl	𝑥 ≤ 7.55.1	CNA
curl	curl	𝑥 ≤ 7.55.0	CNA
curl	curl	𝑥 ≤ 7.54.1	CNA
curl	curl	𝑥 ≤ 7.54.0	CNA
curl	curl	𝑥 ≤ 7.53.1	CNA
curl	curl	𝑥 ≤ 7.53.0	CNA
curl	curl	𝑥 ≤ 7.52.1	CNA
curl	curl	𝑥 ≤ 7.52.0	CNA
curl	curl	𝑥 ≤ 7.51.0	CNA
curl	curl	𝑥 ≤ 7.50.3	CNA
curl	curl	𝑥 ≤ 7.50.2	CNA
curl	curl	𝑥 ≤ 7.50.1	CNA
curl	curl	𝑥 ≤ 7.50.0	CNA
curl	curl	𝑥 ≤ 7.49.1	CNA
curl	curl	𝑥 ≤ 7.49.0	CNA
curl	curl	𝑥 ≤ 7.48.0	CNA
curl	curl	𝑥 ≤ 7.47.1	CNA
curl	curl	𝑥 ≤ 7.47.0	CNA
curl	curl	𝑥 ≤ 7.46.0	CNA
curl	curl	𝑥 ≤ 7.45.0	CNA
curl	curl	𝑥 ≤ 7.44.0	CNA
curl	curl	𝑥 ≤ 7.43.0	CNA
curl	curl	𝑥 ≤ 7.42.1	CNA
curl	curl	𝑥 ≤ 7.42.0	CNA
curl	curl	𝑥 ≤ 7.41.0	CNA
curl	curl	𝑥 ≤ 7.40.0	CNA
curl	curl	𝑥 ≤ 7.39.0	CNA
curl	curl	𝑥 ≤ 7.38.0	CNA
curl	curl	𝑥 ≤ 7.37.1	CNA
curl	curl	𝑥 ≤ 7.37.0	CNA
curl	curl	𝑥 ≤ 7.36.0	CNA
curl	curl	𝑥 ≤ 7.35.0	CNA
curl	curl	𝑥 ≤ 7.34.0	CNA
curl	curl	𝑥 ≤ 7.33.0	CNA
curl	curl	𝑥 ≤ 7.32.0	CNA

Debian Releases

Debian Product

Codename

curl

bookworm	7.88.1-10+deb12u14 fixed
bookworm (security)	vulnerable
bullseye	7.74.0-1.3+deb11u13 fixed
bullseye (security)	7.74.0-1.3+deb11u15 fixed
forky	8.18.0~rc2-1 fixed
sid	8.18.0~rc3-1 fixed
trixie	8.14.1-2+deb13u2 fixed

Ubuntu Releases

Ubuntu Product

Codename

curl

bionic	Fixed 7.58.0-2ubuntu3.24+esm5 released
focal	Fixed 7.68.0-1ubuntu2.23 released
jammy	Fixed 7.81.0-1ubuntu1.17 released
noble	Fixed 8.5.0-2ubuntu10.2 released
oracular	Fixed 8.9.1-2ubuntu1 released
plucky	Fixed 8.9.1-2ubuntu1 released
questing	Fixed 8.9.1-2ubuntu1 released
trusty	Fixed 7.35.0-1ubuntu2.20+esm18 released
xenial	Fixed 7.47.0-1ubuntu2.19+esm13 released

openSUSE / SLES Releases

openSUSE Product

Release

curl

suse enterprise desktop 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise sap 12 SP5	8.0.1-11.89.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise server 12 SP3	7.37.0-37.107.1 fixed
suse enterprise server 12 SP5	8.0.1-11.89.1 fixed
suse enterprise server 15 SP4	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.3.1 fixed

libcurl-devel

suse enterprise desktop 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise server 15 SP4	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.3.1 fixed

libcurl4

suse enterprise desktop 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise sap 12 SP5	8.0.1-11.89.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise server 12 SP3	7.37.0-37.107.1 fixed
suse enterprise server 12 SP5	8.0.1-11.89.1 fixed
suse enterprise server 15 SP4	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.3.1 fixed

libcurl4-32bit

suse enterprise desktop 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise desktop 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise desktop 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise sap 12 SP5	8.0.1-11.89.1 fixed
suse enterprise sap 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise sap 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise sap 15 SP7	8.6.0-150600.4.3.1 fixed
suse enterprise server 12 SP3	7.37.0-37.107.1 fixed
suse enterprise server 12 SP5	8.0.1-11.89.1 fixed
suse enterprise server 15 SP4	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP5	8.0.1-150400.5.47.1 fixed
suse enterprise server 15 SP6	8.6.0-150600.4.3.1 fixed
suse enterprise server 15 SP7	8.6.0-150600.4.3.1 fixed