ALT-PU-2024-10569-4
Closed vulnerabilities
BDU:2024-05923
Уязвимость функции GTime2str парсера ASN1 Parser библиотеки libcurl, позволяющая нарушителю вызвать октаз в обслуживании
BDU:2024-06023
Уязвимость функции utf8asn1str() парсера ASN1 утилиты командной строки cURL, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2024-06024
Уязвимость функции curl_url_get() утилиты командной строки cURL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-29
CVE-2024-6197
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
- http://www.openwall.com/lists/oss-security/2024/07/24/1
- http://www.openwall.com/lists/oss-security/2024/07/24/1
- http://www.openwall.com/lists/oss-security/2024/07/24/5
- http://www.openwall.com/lists/oss-security/2024/07/24/5
- www
- www
- json
- json
- issue
- issue
- https://security.netapp.com/advisory/ntap-20241129-0008/
Modified: 2024-11-21
CVE-2024-6874
libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidently getting returned as part of the converted string.
Modified: 2024-11-21
CVE-2024-7264
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Closed bugs
curl --fail возвращает код ошибки 56 вместо 22