CVE-2024-6874

2024-07-2408:15:03

Debian Security Bug Tracker

security-tracker.debian.org

libcurl

url api

function

cve-2024-6874

unix

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

35.1%

JSON

libcurl’s URL API function curl_url_get() offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidently getting returned as part of the converted string.

OSVersionArchitecturePackageVersionFilename
Debian12allcurl< 7.88.1-10+deb12u7curl_7.88.1-10+deb12u7_all.deb
Debian11allcurl< 7.74.0-1.3+deb11u13curl_7.74.0-1.3+deb11u13_all.deb
Debian999allcurl< 8.9.0-1curl_8.9.0-1_all.deb
Debian13allcurl< 8.9.0-1curl_8.9.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	curl	< 7.88.1-10+deb12u7	curl_7.88.1-10+deb12u7_all.deb
Debian	11	all	curl	< 7.74.0-1.3+deb11u13	curl_7.74.0-1.3+deb11u13_all.deb
Debian	999	all	curl	< 8.9.0-1	curl_8.9.0-1_all.deb
Debian	13	all	curl	< 8.9.0-1	curl_8.9.0-1_all.deb