PT-2024-5389 · Libcurl+5 · Z2

Published: 2024-06-19 · Updated: 2026-05-18 · CVE-2024-6197

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified)

Description: The flaw is in libcurl's ASN.1 parser, specifically the utf8asn1str() function used to parse an ASN.1 UTF-8 string. When an invalid field is detected, the function returns an error and invokes free() on a 4-byte local stack buffer. This can overwrite nearby stack memory, with the content of the overwrite decided by the free() implementation, likely including memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although more serious results cannot be ruled out in special circumstances. According to JFrog security researchers, the preconditions for the vulnerability are more extensive than initially believed, making real-world exploitation very difficult.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
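The bug class from the description, as an added illustration that is not libcurl's code: a toy ASN.1 UTF8String decoder whose error path simply returns on an invalid field, with the defective free()-on-stack shape shown in a comment beside it. TAG_UTF8STRING, utf8_ok, utf8str_parse, demo_valid and the SAMPLE_* inputs are all assumed or constructed here.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libcurl's code: a toy ASN.1 UTF8String decoder in the
 * shape of the bug described above. Input is constructed DER: tag 0x0C, one
 * short-form length byte, then the string bytes. Success returns a heap copy
 * the caller must free(); any error returns NULL. The defective shape
 * (undefined behaviour, deliberately not compiled here) was:
 *     char scratch[4];                               stack buffer, not heap
 *     if (!utf8_ok(...)) { free(scratch); return NULL; }
 * free() on a stack address lets the allocator write its bookkeeping (pointers, flags) over nearby stack memory. */
#define TAG_UTF8STRING 0x0C

/* Minimal UTF-8 well-formedness check: a lead byte followed by exactly the
 * expected number of 10xxxxxx continuation bytes. */
static int utf8_ok(const uint8_t *s, size_t n) {
    for (size_t i = 0; i < n; ) {
        size_t k = s[i] < 0x80 ? 0 : (s[i] & 0xE0) == 0xC0 ? 1
                 : (s[i] & 0xF0) == 0xE0 ? 2 : (s[i] & 0xF8) == 0xF0 ? 3 : 4;
        if (k == 4 || i + k >= n) return 0;     /* bad lead byte or truncated sequence */
        for (size_t j = 1; j <= k; j++)
            if ((s[i + j] & 0xC0) != 0x80) return 0;
        i += k + 1;
    }
    return 1;
}

/* Corrected shape: stack scratch is never handed to free(); the only free()
 * happens in the caller, on memory this function actually malloc()ed. */
char *utf8str_parse(const uint8_t *in, size_t inlen) {
    if (inlen < 2 || in[0] != TAG_UTF8STRING || in[1] > 0x7F) return NULL;
    size_t len = in[1];
    if (len + 2 != inlen || !utf8_ok(in + 2, len)) return NULL; /* invalid field: just return */
    char *out = malloc(len + 1);
    if (!out) return NULL;
    memcpy(out, in + 2, len);
    out[len] = '\0';
    return out;
}
/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[]  = {0x0C, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t SAMPLE_BAD[] = {0x0C, 0x02, 0xC3, 0x28};  /* 0xC3 lacks its continuation */
static const uint8_t SAMPLE_TAG[] = {0x04, 0x01, 'x'};         /* OCTET STRING, not UTF8String */
int demo_valid(void) {            /* 1 if SAMPLE_OK decodes to "hello"; caller frees the copy */
    char *s = utf8str_parse(SAMPLE_OK, sizeof SAMPLE_OK);
    int ok = s != NULL && strcmp(s, "hello") == 0;
    free(s);
    return ok;
}
```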

Exploit

DoS

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2024-10355
ALT-PU-2024-14880
ALT-PU-2024-16747
ALT-PU-2025-1416
AZL-47023
AZL-47028
AZL-47049
BDU:2024-06023
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2024-6197
JLSEC-2025-36
OPENSUSE-SU-2024:14225-1
SUSE-SU-2024:2784-1
SUSE-SU-2024_2784-1
SUSE-SU-2025:20029-1

Affected Products

Alt Linux
Astra Linux
Red Os
Suse
Windows
Libcurl