CVE-2024-7264
ADVISORY - nistSummary
libcurl's ASN1 parser code has the GTime2str()
function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length of the time fraction, leading to
a strlen()
getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.
This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.
EPSS Score: 0.02574 (0.849)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Out-of-bounds Read
ADVISORY - redhat
Out-of-bounds Read
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in