mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
976 B
976 B
CVE-2024-6874
Description
libcurl's URL API functioncurl_url_get() offers punycodeconversions, to and from IDN. Asking to convert a name that is exactly 256bytes, libcurl ends up reading outside of a stack based buffer when built touse the macidn IDN backend. The conversion function then fills up theprovided buffer exactly - but does not null terminate the string.This flaw can lead to stack contents accidently getting returned as part ofthe converted string.
POC
Reference
No PoCs from references.