mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
9.2 KiB
9.2 KiB
CVE-2024-7264
Description
libcurl's ASN1 parser code has the GTime2str() function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the time fraction, leading toa strlen() getting performed on a pointer to a heap buffer area that is not(purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contentsgetting returned to the application whenCURLINFO_CERTINFO is used.
POC
Reference
No PoCs from references.