CVE-2024-7264

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libcurl (affected versions not specified)

Description The issue is related to the GTime2str() function in libcurl's ASN1 parser code, which is used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO CERTINFO is used.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025:1671

ALSA-2025:1673

ALT-PU-2024-10567

ALT-PU-2024-14880

ALT-PU-2024-16747

ALT-PU-2025-1416

AZL-47253

AZL-47282

BDU:2024-05923

CESA-2025_1673

CLEANSTART-2026-AY18527

CLEANSTART-2026-BW46578

CLEANSTART-2026-DI23929

CLEANSTART-2026-LQ42192

CLEANSTART-2026-OF85770

CVE-2024-7264

INFSA-2025_1671

INFSA-2025_1673

JLSEC-2025-38

OPENSUSE-SU-2024:14261-1

OPENSUSE-SU-2024_3080-1

RHSA-2025:1671

RHSA-2025:1673

RHSA-2025_1671

RHSA-2025_1673

RLSA-2025:1671

RLSA-2025:1673

SUSE-SU-2024:2784-1

SUSE-SU-2024:2930-1

SUSE-SU-2024:2938-1

SUSE-SU-2024:3080-1

SUSE-SU-2024:3080-2

SUSE-SU-2024:3202-1

SUSE-SU-2024_2938-1

SUSE-SU-2024_3080-1

SUSE-SU-2024_3080-2

SUSE-SU-2025:20029-1

USN-6944-1

USN-6944-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Apple Macos

Mysql Server

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Libcurl

CVE-2024-7264

Weakness Enumeration

Related Identifiers

Affected Products

References · 492