cve-2024-6874
Vulnerability from cvelistv5
Published
2024-07-24 07:36
Modified
2024-08-22 18:03
Severity
Summary
macidn punycode buffer overread
References
| Source | URL | Tags |
|---|---|---|
| 2499f714-1537-4658-8207-48ae4bb9eae9 | http://www.openwall.com/lists/oss-security/2024/07/24/2 | Mailing List, Third Party Advisory |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | https://curl.se/docs/CVE-2024-6874.html | Vendor Advisory |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | https://curl.se/docs/CVE-2024-6874.json | Vendor Advisory |
| 2499f714-1537-4658-8207-48ae4bb9eae9 | https://hackerone.com/reports/2604391 | Exploit, Issue Tracking, Technical Description |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:curl:libcurl:8.8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libcurl",
"vendor": "curl",
"versions": [
{
"status": "affected",
"version": "8.8.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6874",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T16:13:40.560966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T16:25:51.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-22T18:03:17.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "json",
"tags": [
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2024-6874.json"
},
{
"name": "www",
"tags": [
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2024-6874.html"
},
{
"name": "issue",
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/2604391"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/24/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.8.0",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "z2_"
},
{
"lang": "en",
"type": "remediation developer",
"value": "z2_"
}
],
"descriptions": [
{
"lang": "en",
"value": "libcurl\u0027s URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. Asking to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null terminate the string.\n\nThis flaw can lead to stack contents accidently getting returned as part of\nthe converted string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-126 Buffer Over-read ",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T07:36:26.887Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2024-6874.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2024-6874.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/2604391"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/24/2"
}
],
"title": "macidn punycode buffer overread"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2024-6874",
"datePublished": "2024-07-24T07:36:26.887Z",
"dateReserved": "2024-07-18T03:37:32.294Z",
"dateUpdated": "2024-08-22T18:03:17.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-6874\",\"sourceIdentifier\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"published\":\"2024-07-24T08:15:03.413\",\"lastModified\":\"2024-09-10T15:27:04.190\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libcurl\u0027s URL API function\\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\\nconversions, to and from IDN. Asking to convert a name that is exactly 256\\nbytes, libcurl ends up reading outside of a stack based buffer when built to\\nuse the *macidn* IDN backend. The conversion function then fills up the\\nprovided buffer exactly - but does not null terminate the string.\\n\\nThis flaw can lead to stack contents accidently getting returned as part of\\nthe converted string.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n API de URL de libcurl [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) ofrece conversiones punycode, hacia y desde IDN. Al solicitar convertir un nombre que tiene exactamente 256 bytes, libcurl termina leyendo fuera de un b\u00fafer en la regi\u00f3n stack de la memoria cuando se construye para usar el backend IDN *macidn*. Luego, la funci\u00f3n de conversi\u00f3n llena exactamente el b\u00fafer proporcionado, pero no termina en nulo la cadena. Esta falla puede provocar que el contenido de la pila se devuelva accidentalmente como parte de la cadena convertida.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:8.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"759E33B7-1F1E-4050-A400-A2176BF35469\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/24/2\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-6874.html\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-6874.json\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2604391\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Technical Description\"]}]}}"
}
}
Loading...