cve/2024/CVE-2024-7264.md

### [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264)
![](https://img.shields.io/static/v1?label=Product&message=curl&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=8.9.0%3C%3D%208.9.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)

### Description

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the *time fraction*, leading toa `strlen()` getting performed on a pointer to a heap buffer area that is not(purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contentsgetting returned to the application when[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Nucl3arAt0m/Elevate-Labs-Task-3
- https://github.com/SruthinagaK/linux-manual-vulnerabitltiy-labscan-June2025