libcurl's ASN1 parser vulnerability can lead to stack memory corruption and crash
CVE-2024-6197

7.5 HIGH

Key Information:

Vendor

Curl

Status
Vendor
CVE Published:
24 July 2024

What is CVE-2024-6197?

The ASN.1 parser in libcurl has a flaw in the utf8asn1str() function, which parses ASN.1 UTF-8 strings. When the function encounters an invalid field it returns an error, but on that error path it also calls free() on a four-byte local stack buffer. Many modern memory allocators detect a free() of a non-heap pointer and abort the process, but some implementations instead accept the pointer and place the "chunk" on their list of available memory. That creates a risk of adjacent stack memory being overwritten: what gets written is determined by the specific free() implementation and typically consists of memory pointers and flags. The most likely outcome of triggering this flaw is a crash of the application, but more severe consequences cannot be ruled out under particular circumstances.
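The ownership discipline that the description is about, shown as an added example: this is not libcurl's code and utf8asn1str() is not reproduced here. The function name bmpstring_to_utf8, the BMP_* result codes and the sample DER bytes are all constructed for this illustration. The converter keeps a four-byte stack scratch buffer for each encoded code point, exactly the kind of local buffer the advisory refers to, and on every error path releases only the one heap allocation it owns.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for this constructed example (not libcurl's CURLcode values). */
enum { BMP_OK = 0, BMP_BAD_TAG = 1, BMP_BAD_LENGTH = 2, BMP_BAD_CHAR = 3, BMP_NOMEM = 4 };

/* Encode one BMP code point (cp <= 0xFFFF) as UTF-8 into a 4-byte scratch buffer.
   Returns the number of bytes written (1..3). */
static size_t encode_utf8(uint32_t cp, unsigned char out[4])
{
    if(cp < 0x80) {
        out[0] = (unsigned char)cp;
        return 1;
    }
    if(cp < 0x800) {
        out[0] = (unsigned char)(0xC0 | (cp >> 6));
        out[1] = (unsigned char)(0x80 | (cp & 0x3F));
        return 2;
    }
    out[0] = (unsigned char)(0xE0 | (cp >> 12));
    out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[2] = (unsigned char)(0x80 | (cp & 0x3F));
    return 3;
}

/* Convert a DER BMPString (tag 0x1E, short-form length, UCS-2 big-endian body)
   into a NUL-terminated UTF-8 string. On BMP_OK, *out is a heap string the
   caller must free(); on any error *out is NULL and nothing else is touched. */
int bmpstring_to_utf8(const unsigned char *der, size_t derlen, char **out)
{
    unsigned char scratch[4];      /* stack scratch: must never be passed to free() */
    unsigned char *result = NULL;  /* the only heap allocation this function owns */
    size_t body, i, pos = 0;

    *out = NULL;
    if(derlen < 2 || der[0] != 0x1E)
        return BMP_BAD_TAG;                       /* nothing allocated yet: plain return */
    body = der[1];
    if((body & 0x80) || body + 2 > derlen || (body % 2) != 0)
        return BMP_BAD_LENGTH;                    /* long-form length not handled here */

    /* Worst case: every UCS-2 unit expands to three UTF-8 bytes, plus the NUL. */
    result = malloc(body / 2 * 3 + 1);
    if(!result)
        return BMP_NOMEM;

    for(i = 0; i < body; i += 2) {
        uint32_t cp = ((uint32_t)der[2 + i] << 8) | der[3 + i];
        if(cp >= 0xD800 && cp <= 0xDFFF) {
            /* Invalid field (lone surrogate): release the heap copy only. The defect
               described in CVE-2024-6197 was a free() of the stack scratch buffer
               on an error path like this one; "free(scratch)" here would be that bug. */
            free(result);
            return BMP_BAD_CHAR;
        }
        size_t n = encode_utf8(cp, scratch);
        memcpy(result + pos, scratch, n);
        pos += n;
    }
    result[pos] = '\0';
    *out = (char *)result;
    return BMP_OK;
}

int main(void)
{
    /* Constructed sample inputs: "A" followed by U+00E9, then a lone high surrogate. */
    static const unsigned char good[] = { 0x1E, 0x04, 0x00, 0x41, 0x00, 0xE9 };
    static const unsigned char bad[]  = { 0x1E, 0x02, 0xD8, 0x00 };
    char *utf8 = NULL;

    if(bmpstring_to_utf8(good, sizeof good, &utf8) == BMP_OK) {
        printf("decoded: %s\n", utf8);
        free(utf8);  /* heap pointer: correct to free */
    }
    printf("invalid field -> code %d\n", bmpstring_to_utf8(bad, sizeof bad, &utf8));
    return 0;
}
```

The point to carry over to a review of any parser: every early return must account for exactly the allocations made before it, and stack scratch buffers are never among them. A compiler warning for free() on a non-heap object (GCC's -Wfree-nonheap-object) and running the test corpus under AddressSanitizer both catch this class of mistake before it ships.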

Affected Version(s)

curl 8.8.0

curl 8.7.1

curl 8.7.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

z2_