CVE-2024-7264
ASN.1 date parser overread
Severity Score
"-"
*CVSS v-
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length of the *time fraction*, leading to
a `strlen()` getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.
This flaw most likely leads to a crash, but can also lead to heap contents
getting returned to the application when
[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
*Credits:
Dov Murik (Transmit Security), Stefan Eissing
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-07-30 CVE Reserved
- 2024-07-31 CVE Published
- 2024-08-13 EPSS Updated
- 2024-08-28 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://curl.se/docs/CVE-2024-7264.html | ||
| https://curl.se/docs/CVE-2024-7264.json | ||
| https://hackerone.com/reports/2629968 | ||
| http://www.openwall.com/lists/oss-security/2024/07/31/1 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.9.0 Search vendor "Curl" for product "Curl" and version "8.9.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.8.0 Search vendor "Curl" for product "Curl" and version "8.8.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.7.1 Search vendor "Curl" for product "Curl" and version "8.7.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.7.0 Search vendor "Curl" for product "Curl" and version "8.7.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.6.0 Search vendor "Curl" for product "Curl" and version "8.6.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.5.0 Search vendor "Curl" for product "Curl" and version "8.5.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.4.0 Search vendor "Curl" for product "Curl" and version "8.4.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.3.0 Search vendor "Curl" for product "Curl" and version "8.3.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.2.1 Search vendor "Curl" for product "Curl" and version "8.2.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.2.0 Search vendor "Curl" for product "Curl" and version "8.2.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.1.2 Search vendor "Curl" for product "Curl" and version "8.1.2" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.1.1 Search vendor "Curl" for product "Curl" and version "8.1.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.1.0 Search vendor "Curl" for product "Curl" and version "8.1.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.0.1 Search vendor "Curl" for product "Curl" and version "8.0.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 8.0.0 Search vendor "Curl" for product "Curl" and version "8.0.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.88.1 Search vendor "Curl" for product "Curl" and version "7.88.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.88.0 Search vendor "Curl" for product "Curl" and version "7.88.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.87.0 Search vendor "Curl" for product "Curl" and version "7.87.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.86.0 Search vendor "Curl" for product "Curl" and version "7.86.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.85.0 Search vendor "Curl" for product "Curl" and version "7.85.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.84.0 Search vendor "Curl" for product "Curl" and version "7.84.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.83.1 Search vendor "Curl" for product "Curl" and version "7.83.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.83.0 Search vendor "Curl" for product "Curl" and version "7.83.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.82.0 Search vendor "Curl" for product "Curl" and version "7.82.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.81.0 Search vendor "Curl" for product "Curl" and version "7.81.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.80.0 Search vendor "Curl" for product "Curl" and version "7.80.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.79.1 Search vendor "Curl" for product "Curl" and version "7.79.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.79.0 Search vendor "Curl" for product "Curl" and version "7.79.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.78.0 Search vendor "Curl" for product "Curl" and version "7.78.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.77.0 Search vendor "Curl" for product "Curl" and version "7.77.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.76.1 Search vendor "Curl" for product "Curl" and version "7.76.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.76.0 Search vendor "Curl" for product "Curl" and version "7.76.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.75.0 Search vendor "Curl" for product "Curl" and version "7.75.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.74.0 Search vendor "Curl" for product "Curl" and version "7.74.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.73.0 Search vendor "Curl" for product "Curl" and version "7.73.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.72.0 Search vendor "Curl" for product "Curl" and version "7.72.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.71.1 Search vendor "Curl" for product "Curl" and version "7.71.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.71.0 Search vendor "Curl" for product "Curl" and version "7.71.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.70.0 Search vendor "Curl" for product "Curl" and version "7.70.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.69.1 Search vendor "Curl" for product "Curl" and version "7.69.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.69.0 Search vendor "Curl" for product "Curl" and version "7.69.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.68.0 Search vendor "Curl" for product "Curl" and version "7.68.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.67.0 Search vendor "Curl" for product "Curl" and version "7.67.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.66.0 Search vendor "Curl" for product "Curl" and version "7.66.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.65.3 Search vendor "Curl" for product "Curl" and version "7.65.3" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.65.2 Search vendor "Curl" for product "Curl" and version "7.65.2" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.65.1 Search vendor "Curl" for product "Curl" and version "7.65.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.65.0 Search vendor "Curl" for product "Curl" and version "7.65.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.64.1 Search vendor "Curl" for product "Curl" and version "7.64.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.64.0 Search vendor "Curl" for product "Curl" and version "7.64.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.63.0 Search vendor "Curl" for product "Curl" and version "7.63.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.62.0 Search vendor "Curl" for product "Curl" and version "7.62.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.61.1 Search vendor "Curl" for product "Curl" and version "7.61.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.61.0 Search vendor "Curl" for product "Curl" and version "7.61.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.60.0 Search vendor "Curl" for product "Curl" and version "7.60.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.59.0 Search vendor "Curl" for product "Curl" and version "7.59.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.58.0 Search vendor "Curl" for product "Curl" and version "7.58.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.57.0 Search vendor "Curl" for product "Curl" and version "7.57.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.56.1 Search vendor "Curl" for product "Curl" and version "7.56.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.56.0 Search vendor "Curl" for product "Curl" and version "7.56.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.55.1 Search vendor "Curl" for product "Curl" and version "7.55.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.55.0 Search vendor "Curl" for product "Curl" and version "7.55.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.54.1 Search vendor "Curl" for product "Curl" and version "7.54.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.54.0 Search vendor "Curl" for product "Curl" and version "7.54.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.53.1 Search vendor "Curl" for product "Curl" and version "7.53.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.53.0 Search vendor "Curl" for product "Curl" and version "7.53.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.52.1 Search vendor "Curl" for product "Curl" and version "7.52.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.52.0 Search vendor "Curl" for product "Curl" and version "7.52.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.51.0 Search vendor "Curl" for product "Curl" and version "7.51.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.50.3 Search vendor "Curl" for product "Curl" and version "7.50.3" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.50.2 Search vendor "Curl" for product "Curl" and version "7.50.2" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.50.1 Search vendor "Curl" for product "Curl" and version "7.50.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.50.0 Search vendor "Curl" for product "Curl" and version "7.50.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.49.1 Search vendor "Curl" for product "Curl" and version "7.49.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.49.0 Search vendor "Curl" for product "Curl" and version "7.49.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.48.0 Search vendor "Curl" for product "Curl" and version "7.48.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.47.1 Search vendor "Curl" for product "Curl" and version "7.47.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.47.0 Search vendor "Curl" for product "Curl" and version "7.47.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.46.0 Search vendor "Curl" for product "Curl" and version "7.46.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.45.0 Search vendor "Curl" for product "Curl" and version "7.45.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.44.0 Search vendor "Curl" for product "Curl" and version "7.44.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.43.0 Search vendor "Curl" for product "Curl" and version "7.43.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.42.1 Search vendor "Curl" for product "Curl" and version "7.42.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.42.0 Search vendor "Curl" for product "Curl" and version "7.42.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.41.0 Search vendor "Curl" for product "Curl" and version "7.41.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.40.0 Search vendor "Curl" for product "Curl" and version "7.40.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.39.0 Search vendor "Curl" for product "Curl" and version "7.39.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.38.0 Search vendor "Curl" for product "Curl" and version "7.38.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.37.1 Search vendor "Curl" for product "Curl" and version "7.37.1" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.37.0 Search vendor "Curl" for product "Curl" and version "7.37.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.36.0 Search vendor "Curl" for product "Curl" and version "7.36.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.35.0 Search vendor "Curl" for product "Curl" and version "7.35.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.34.0 Search vendor "Curl" for product "Curl" and version "7.34.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.33.0 Search vendor "Curl" for product "Curl" and version "7.33.0" | en |
Affected
| ||||||
| Curl Search vendor "Curl" | Curl Search vendor "Curl" for product "Curl" | 7.32.0 Search vendor "Curl" for product "Curl" and version "7.32.0" | en |
Affected
| ||||||