Lucene search
CurlCVELIST:CVE-2024-6874HistoryJul 24, 2024 - 7:36 a.m.
CVE-2024-6874 macidn punycode buffer overread
2024-07-2407:36:26
curl
www.cve.org
13
cve-2024-6874
macidn
punycode
buffer overread
libcurl
url api
idn
stack buffer
conversion
flaw
EPSS
0.001
Percentile
35.1%
libcurl’s URL API function
curl_url_get() offers punycode
conversions, to and from IDN. Asking to convert a name that is exactly 256
bytes, libcurl ends up reading outside of a stack based buffer when built to
use the macidn IDN backend. The conversion function then fills up the
provided buffer exactly - but does not null terminate the string.
This flaw can lead to stack contents accidently getting returned as part of
the converted string.
CNA Affected
[
{
"vendor": "curl",
"product": "curl",
"versions": [
{
"version": "8.8.0",
"status": "affected",
"lessThanOrEqual": "8.8.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
debiancve
debiancve
CVE-2024-6874
2024-07-24 08:15:03
vulnrichment
vulnrichment
CVE-2024-6874 macidn punycode buffer overread
2024-07-24 07:36:26
cve
cve
CVE-2024-6874
2024-07-24 08:15:03
veracode
veracode
Out-of-Bounds Read
2024-07-30 09:26:03
osv
osv
macidn punycode buffer overread
2024-07-24 08:00:00
CVE-2024-6874
2024-07-24 08:15:03
curl-8.9.0-1.1 on GA media
2024-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2024-6874
2024-07-24 00:00:00
redhatcve
redhatcve
CVE-2024-6874
2024-07-25 06:41:23
alpinelinux
alpinelinux
CVE-2024-6874
2024-07-24 08:15:03
hackerone
hackerone
curl: CVE-2024-6874: macidn punycode buffer overread
2024-07-16 02:07:09
nvd
nvd
CVE-2024-6874
2024-07-24 08:15:03
ibm
ibm
nessus
nessus
Tenable Security Center Multiple Vulnerabilities (TNS-2024-13)
2024-08-14 00:00:00