Libcurl · Libcurl · CVE-2024-7264
**Name of the Vulnerable Software and Affected Versions**
libcurl (affected versions not specified)
**Description**
The issue is in the `GTime2str()` function in libcurl's ASN.1 parser code, which is used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the `time fraction`, leading to a `strlen()` being performed on a pointer to a heap buffer area that is (purposely) not null terminated. This flaw most likely leads to a crash, but can also lead to heap contents being returned to the application when `CURLINFO_CERTINFO` is used.
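The defensive pattern for this class of bug, as an added example that is not libcurl's code: a Generalized Time fraction is located using only pointer bounds, and a separator with no digits is rejected before any length is derived. The function name `gtime_fraction` and the sample input are hypothetical and constructed for illustration.

```c
#include <stddef.h>

#define IS_DIGIT(c) ((c) >= '0' && (c) <= '9')

/* Hypothetical helper, not libcurl's GTime2str(): find the fraction digits of
 * a GeneralizedTime held in [beg, end). The buffer is NOT NUL-terminated, so
 * every read is bounded by `end` and every length comes from pointers.
 * Returns 0 on success (frac_len is 0 when no fraction), -1 if malformed. */
int gtime_fraction(const char *beg, const char *end,
                   const char **frac, size_t *frac_len)
{
  const char *p = beg, *start;
  *frac = NULL;
  *frac_len = 0;
  while(p < end && IS_DIGIT(*p))
    p++;
  /* YYYYMMDDHH is mandatory; MM and SS are optional digit pairs. */
  if(p - beg != 10 && p - beg != 12 && p - beg != 14)
    return -1;
  if(p < end && (*p == '.' || *p == ',')) {
    start = ++p;
    while(p < end && IS_DIGIT(*p))
      p++;
    if(p == start)
      return -1; /* separator without digits: reject, no "length - 1" math */
    *frac = start;
    *frac_len = (size_t)(p - start);
  }
  if(p == end)
    return 0; /* local time, no zone suffix */
  if(*p == 'Z')
    return (p + 1 == end) ? 0 : -1;
  if(*p != '+' && *p != '-')
    return -1;
  start = ++p;
  while(p < end && IS_DIGIT(*p))
    p++;
  /* Offset is hh or hhmm and must consume the rest of the field. */
  return (p == end && (p - start == 2 || p - start == 4)) ? 0 : -1;
}

int main(void)
{
  /* Constructed sample with an empty fraction; ends before the literal's NUL. */
  const char bad[] = "20240731120000.Z";
  const char *frac;
  size_t len;
  return gtime_fraction(bad, bad + sizeof(bad) - 1, &frac, &len) == -1 ? 0 : 1;
}
```

Callers that need the fraction as text should copy exactly `frac_len` bytes rather than calling `strlen()` on the returned pointer.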
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.