Lucene search

F5F5:K000141062

HistorySep 12, 2024 - 12:00 a.m.

K000141062: libcurl vulnerability CVE-2024-7264

2024-09-1200:00:00

my.f5.com

libcurl

asn1 parser

cve-2024-7264

crash

heap buffer

curlinfo_certinfo

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

Low

JSON

Security Advisory Description

libcurl’s ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used. (CVE-2024-7264)

Impact

There is no impact; F5 products are not affected by this vulnerability.

Affected configurations

Vulners

Node

f5big-ip_next_central_managerMatch20.2.0

f5big-ip_next_central_managerMatch20.2.1

f5big-ip_nextMatch1.1.0

f5big-ip_nextMatch1.1.1

f5big-ip_nextMatch1.2.0

f5big-ip_nextMatch1.2.1

f5big-ip_nextMatch1.3.0

f5big-ip_nextMatch1.3.1

f5big-ip_nextMatch1.1.0

f5big-ip_nextMatch1.1.1

f5big-ip_nextMatch1.2.0

f5big-ip_nextMatch1.2.1

f5big-ip_nextMatch1.3.0

f5big-ip_nextMatch1.3.1

f5big-ip_nextMatch1.1.0

f5big-ip_nextMatch1.1.1

f5big-ip_nextMatch1.2.0

f5big-ip_nextMatch1.2.1

f5big-ip_nextMatch1.3.0

f5big-ip_nextMatch1.3.1

f5big-ip_ltmMatch20.2.0

f5big-ip_ltmMatch20.2.1

f5big-ip_nextMatch1.7.0

f5big-ip_nextMatch1.7.1

f5big-ip_nextMatch1.7.10

f5big-ip_nextMatch1.7.2

f5big-ip_nextMatch1.7.3

f5big-ip_nextMatch1.7.4

f5big-ip_nextMatch1.7.5

f5big-ip_nextMatch1.7.6

f5big-ip_nextMatch1.7.7

f5big-ip_nextMatch1.7.8

f5big-ip_nextMatch1.7.9

f5big-ip_nextMatch1.8.0

f5big-ip_nextMatch1.8.2

f5big-ip_nextMatch1.9.0

f5big-ip_nextMatch1.9.1

f5big-ip_nextMatch1.9.2

f5big-ip_nextMatch20.2.0

f5big-ip_nextMatch20.2.1

f5big-ipMatch15.1.0

f5big-ipMatch15.1.1

f5big-ipMatch15.1.10

f5big-ipMatch15.1.2

f5big-ipMatch15.1.3

f5big-ipMatch15.1.4

f5big-ipMatch15.1.5

f5big-ipMatch15.1.6

f5big-ipMatch15.1.7

f5big-ipMatch15.1.8

f5big-ipMatch15.1.9

f5big-ip_afmMatch15.1.0

f5big-ip_afmMatch15.1.1

f5big-ip_afmMatch15.1.10

f5big-ip_afmMatch15.1.2

f5big-ip_afmMatch15.1.3

f5big-ip_afmMatch15.1.4

f5big-ip_afmMatch15.1.5

f5big-ip_afmMatch15.1.6

f5big-ip_afmMatch15.1.7

f5big-ip_afmMatch15.1.8

f5big-ip_afmMatch15.1.9

f5big-ip_afmMatch16.1.0

f5big-ip_afmMatch16.1.1

f5big-ip_afmMatch16.1.2

f5big-ip_afmMatch16.1.3

f5big-ip_afmMatch16.1.4

f5big-ip_afmMatch16.1.5

f5big-ip_afmMatch17.1.0

f5big-ip_afmMatch17.1.1

f5big-ip_analyticsMatch15.1.0

f5big-ip_analyticsMatch15.1.1

f5big-ip_analyticsMatch15.1.10

f5big-ip_analyticsMatch15.1.2

f5big-ip_analyticsMatch15.1.3

f5big-ip_analyticsMatch15.1.4

f5big-ip_analyticsMatch15.1.5

f5big-ip_analyticsMatch15.1.6

f5big-ip_analyticsMatch15.1.7

f5big-ip_analyticsMatch15.1.8

f5big-ip_analyticsMatch15.1.9

f5big-ip_analyticsMatch16.1.0

f5big-ip_analyticsMatch16.1.1

f5big-ip_analyticsMatch16.1.2

f5big-ip_analyticsMatch16.1.3

f5big-ip_analyticsMatch16.1.4

f5big-ip_analyticsMatch16.1.5

f5big-ip_analyticsMatch17.1.0

f5big-ip_analyticsMatch17.1.1

f5big-ip_apmMatch15.1.0

f5big-ip_apmMatch15.1.1

f5big-ip_apmMatch15.1.10

f5big-ip_apmMatch15.1.2

f5big-ip_apmMatch15.1.3

f5big-ip_apmMatch15.1.4

f5big-ip_apmMatch15.1.5

f5big-ip_apmMatch15.1.6

f5big-ip_apmMatch15.1.7

f5big-ip_apmMatch15.1.8

f5big-ip_apmMatch15.1.9

f5big-ip_apmMatch16.1.0

f5big-ip_apmMatch16.1.1

f5big-ip_apmMatch16.1.2

f5big-ip_apmMatch16.1.3

f5big-ip_apmMatch16.1.4

f5big-ip_apmMatch16.1.5

f5big-ip_apmMatch17.1.0

f5big-ip_apmMatch17.1.1

f5big-ip_asmMatch15.1.0

f5big-ip_asmMatch15.1.1

f5big-ip_asmMatch15.1.10

f5big-ip_asmMatch15.1.2

f5big-ip_asmMatch15.1.3

f5big-ip_asmMatch15.1.4

f5big-ip_asmMatch15.1.5

f5big-ip_asmMatch15.1.6

f5big-ip_asmMatch15.1.7

f5big-ip_asmMatch15.1.8

f5big-ip_asmMatch15.1.9

f5big-ip_asmMatch16.1.0

f5big-ip_asmMatch16.1.1

f5big-ip_asmMatch16.1.2

f5big-ip_asmMatch16.1.3

f5big-ip_asmMatch16.1.4

f5big-ip_asmMatch16.1.5

f5big-ip_asmMatch17.1.0

f5big-ip_asmMatch17.1.1

f5big-ip_dnsMatch15.1.0

f5big-ip_dnsMatch15.1.1

f5big-ip_dnsMatch15.1.10

f5big-ip_dnsMatch15.1.2

f5big-ip_dnsMatch15.1.3

f5big-ip_dnsMatch15.1.4

f5big-ip_dnsMatch15.1.5

f5big-ip_dnsMatch15.1.6

f5big-ip_dnsMatch15.1.7

f5big-ip_dnsMatch15.1.8

f5big-ip_dnsMatch15.1.9

f5big-ip_dnsMatch16.1.0

f5big-ip_dnsMatch16.1.1

f5big-ip_dnsMatch16.1.2

f5big-ip_dnsMatch16.1.3

f5big-ip_dnsMatch16.1.4

f5big-ip_dnsMatch16.1.5

f5big-ip_dnsMatch17.1.0

f5big-ip_dnsMatch17.1.1

f5big-ipMatch15.1.0

f5big-ipMatch15.1.1

f5big-ipMatch15.1.10

f5big-ipMatch15.1.2

f5big-ipMatch15.1.3

f5big-ipMatch15.1.4

f5big-ipMatch15.1.5

f5big-ipMatch15.1.6

f5big-ipMatch15.1.7

f5big-ipMatch15.1.8

f5big-ipMatch15.1.9

f5big-ipMatch16.1.0

f5big-ipMatch16.1.1

f5big-ipMatch16.1.2

f5big-ipMatch16.1.3

f5big-ipMatch16.1.4

f5big-ipMatch16.1.5

f5big-ipMatch17.1.0

f5big-ipMatch17.1.1

f5big-ip_link_controllerMatch15.1.10

f5big-ip_link_controllerMatch15.1.7

f5big-ip_link_controllerMatch15.1.8

f5big-ip_link_controllerMatch15.1.9

f5big-ip_link_controllerMatch16.1.0

f5big-ip_link_controllerMatch16.1.1

f5big-ip_link_controllerMatch16.1.2

f5big-ip_link_controllerMatch16.1.3

f5big-ip_link_controllerMatch16.1.4

f5big-ip_link_controllerMatch16.1.5

f5big-ip_link_controllerMatch17.1.0

f5big-ip_link_controllerMatch17.1.1

f5big-ip_ltmMatch15.1.0

f5big-ip_ltmMatch15.1.1

f5big-ip_ltmMatch15.1.10

f5big-ip_ltmMatch15.1.2

f5big-ip_ltmMatch15.1.3

f5big-ip_ltmMatch15.1.4

f5big-ip_ltmMatch15.1.5

f5big-ip_ltmMatch15.1.6

f5big-ip_ltmMatch15.1.7

f5big-ip_ltmMatch15.1.8

f5big-ip_ltmMatch15.1.9

f5big-ip_ltmMatch16.1.0

f5big-ip_ltmMatch16.1.1

f5big-ip_ltmMatch16.1.2

f5big-ip_ltmMatch16.1.3

f5big-ip_ltmMatch16.1.4

f5big-ip_ltmMatch16.1.5

f5big-ip_ltmMatch17.1.0

f5big-ip_ltmMatch17.1.1

f5big-ip_pemMatch15.1.0

f5big-ip_pemMatch15.1.1

f5big-ip_pemMatch15.1.10

f5big-ip_pemMatch15.1.2

f5big-ip_pemMatch15.1.3

f5big-ip_pemMatch15.1.4

f5big-ip_pemMatch15.1.5

f5big-ip_pemMatch15.1.6

f5big-ip_pemMatch15.1.7

f5big-ip_pemMatch15.1.8

f5big-ip_pemMatch15.1.9

f5big-ip_pemMatch16.1.0

f5big-ip_pemMatch16.1.1

f5big-ip_pemMatch16.1.2

f5big-ip_pemMatch16.1.3

f5big-ip_pemMatch16.1.4

f5big-ip_pemMatch16.1.5

f5big-ip_pemMatch17.1.0

f5big-ip_pemMatch17.1.1

f5nginx_agentMatch2.18.0

f5nginx_agentMatch2.19.0

f5nginx_agentMatch2.20.0

f5nginx_agentMatch2.20.1

f5nginx_agentMatch2.22.0

f5nginx_agentMatch2.22.1

f5nginx_agentMatch2.23.0

f5nginx_agentMatch2.23.1

f5nginx_agentMatch2.23.2

f5nginx_agentMatch2.23.3

f5nginx_agentMatch2.24.0

f5nginx_agentMatch2.24.1

f5nginx_agentMatch2.25.0

f5nginx_agentMatch2.25.1

f5nginx_agentMatch2.26.0

f5nginx_agentMatch2.26.1

f5nginx_agentMatch2.26.2

f5nginx_agentMatch2.27.0

f5nginx_agentMatch2.28.0

f5nginx_agentMatch2.28.1

f5nginx_agentMatch2.29.0

f5nginx_agentMatch2.30.0

f5nginx_agentMatch2.30.1

f5nginx_agentMatch2.30.2

f5nginx_agentMatch2.30.3

f5nginx_agentMatch2.31.0

f5nginx_agentMatch2.31.1

f5nginx_agentMatch2.31.2

f5nginx_agentMatch2.32.0

f5nginx_agentMatch2.32.1

f5nginx_agentMatch2.32.2

f5nginx_agentMatch2.33.0

f5nginx_agentMatch2.34.0

f5nginx_agentMatch2.34.1

f5nginx_agentMatch2.35.0

f5nginx_agentMatch2.35.1

f5nginx_agentMatch2.36.0

f5nginx_agentMatch2.36.1

f5nginx_agentMatch2.37.0

f5nginx_agentMatch2.38.0

f5nginx_api_connectivity_managerMatch1.0.0

f5nginx_api_connectivity_managerMatch1.1.0

f5nginx_api_connectivity_managerMatch1.1.1

f5nginx_api_connectivity_managerMatch1.2.0

f5nginx_api_connectivity_managerMatch1.3.0

f5nginx_api_connectivity_managerMatch1.3.1

f5nginx_api_connectivity_managerMatch1.4.0

f5nginx_api_connectivity_managerMatch1.4.1

f5nginx_api_connectivity_managerMatch1.5.0

f5nginx_api_connectivity_managerMatch1.6.0

f5nginx_api_connectivity_managerMatch1.7.0

f5nginx_api_connectivity_managerMatch1.8.0

f5nginx_api_connectivity_managerMatch1.9.0

f5nginx_api_connectivity_managerMatch1.9.1

f5nginx_api_connectivity_managerMatch1.9.2

f5nginx_app_protectMatch2.4.0

f5nginx_app_protectMatch3.0.0

f5nginx_app_protectMatch3.1.0

f5nginx_app_protectMatch4.0.1

f5nginx_app_protectMatch4.1.0

f5nginx_app_protectMatch4.2.0

f5nginx_app_protectMatch4.3.0

f5nginx_app_protectMatch4.4.0

f5nginx_app_protectMatch3.11.0

f5nginx_app_protectMatch3.12.1

f5nginx_app_protectMatch3.12.2

f5nginx_app_protectMatch4.0.0

f5nginx_app_protectMatch4.1.0

f5nginx_app_protectMatch4.10.0

f5nginx_app_protectMatch4.2.0

f5nginx_app_protectMatch4.3.0

f5nginx_app_protectMatch4.4.0

f5nginx_app_protectMatch4.5.0

f5nginx_app_protectMatch4.6.0

f5nginx_app_protectMatch4.7.0

f5nginx_app_protectMatch4.8.0

f5nginx_app_protectMatch4.8.1

f5nginx_app_protectMatch4.9.0

f5nginx_app_protectMatch5.0.0

f5nginx_app_protectMatch5.1.0

f5nginx_app_protectMatch5.2.0

f5nginx_controllerMatch3.18.3

f5nginx_controllerMatch3.19.1-apim

f5nginx_controllerMatch3.19.2-apim

f5nginx_controllerMatch3.19.3-apim

f5nginx_controllerMatch3.19.4-apim

f5nginx_controllerMatch3.19.5-apim

f5nginx_controllerMatch3.19.6-apim

f5nginx_controllerMatch3.20.0

f5nginx_controllerMatch3.20.1

f5nginx_controllerMatch3.21.0

f5nginx_controllerMatch3.22.0

f5nginx_controllerMatch3.22.1

f5nginx_controllerMatch3.22.2

f5nginx_controllerMatch3.22.3

f5nginx_controllerMatch3.22.4

f5nginx_controllerMatch3.22.5

f5nginx_controllerMatch3.22.6

f5nginx_controllerMatch3.22.7

f5nginx_controllerMatch3.22.8

f5nginx_controllerMatch3.22.9

f5nginx_ingress_controllerMatch1.12.5

f5nginx_ingress_controllerMatch2.2.1

f5nginx_ingress_controllerMatch2.2.2

f5nginx_ingress_controllerMatch2.3.0

f5nginx_ingress_controllerMatch2.4.0

f5nginx_ingress_controllerMatch2.4.1

f5nginx_ingress_controllerMatch2.4.2

f5nginx_ingress_controllerMatch3.0.0

f5nginx_ingress_controllerMatch3.0.1

f5nginx_ingress_controllerMatch3.0.2

f5nginx_ingress_controllerMatch3.1.0

f5nginx_ingress_controllerMatch3.1.1

f5nginx_ingress_controllerMatch3.2.0

f5nginx_ingress_controllerMatch3.2.1

f5nginx_ingress_controllerMatch3.3.0

f5nginx_ingress_controllerMatch3.3.1

f5nginx_ingress_controllerMatch3.4.0

f5nginx_ingress_controllerMatch3.4.1

f5nginx_ingress_controllerMatch3.4.2

f5nginx_ingress_controllerMatch3.5.0

f5nginx_ingress_controllerMatch3.5.1

f5nginx_ingress_controllerMatch3.5.2

f5nginx_ingress_controllerMatch3.6.0

f5nginx_ingress_controllerMatch3.6.1

f5nginx_ingress_controllerMatch3.6.2

f5nginx_instance_managerMatch2.10.0

f5nginx_instance_managerMatch2.10.1

f5nginx_instance_managerMatch2.11.0

f5nginx_instance_managerMatch2.12.0

f5nginx_instance_managerMatch2.13.0

f5nginx_instance_managerMatch2.13.1

f5nginx_instance_managerMatch2.14.0

f5nginx_instance_managerMatch2.14.1

f5nginx_instance_managerMatch2.15.0

f5nginx_instance_managerMatch2.15.1

f5nginx_instance_managerMatch2.16.0

f5nginx_instance_managerMatch2.17.0

f5nginx_instance_managerMatch2.17.1

f5nginx_instance_managerMatch2.17.2

f5nginx_instance_managerMatch2.5.0

f5nginx_instance_managerMatch2.5.1

f5nginx_instance_managerMatch2.6.0

f5nginx_instance_managerMatch2.7.0

f5nginx_instance_managerMatch2.8.0

f5nginx_instance_managerMatch2.9.0

f5nginx_instance_managerMatch2.9.1

f5nginx_security_monitoringMatch1.0.0

f5nginx_security_monitoringMatch1.1.0

f5nginx_security_monitoringMatch1.2.0

f5nginx_security_monitoringMatch1.3.0

f5nginx_security_monitoringMatch1.4.0

f5nginx_security_monitoringMatch1.5.0

f5nginx_security_monitoringMatch1.6.0

f5nginx_security_monitoringMatch1.7.0

f5nginx_security_monitoringMatch1.7.1

f5nginxMatchr27plus

f5nginxMatchr28plus

f5nginxMatchr29plus

f5nginxMatchr30plus

f5nginxMatchr31plus

f5nginxMatchr32plus

f5nginx_service_meshMatch1.1.0

f5nginx_service_meshMatch1.2.0

f5nginx_service_meshMatch1.2.1

f5nginx_service_meshMatch1.3.0

f5nginx_service_meshMatch1.3.1

f5nginx_service_meshMatch1.4.0

f5nginx_service_meshMatch1.4.1

f5nginx_service_meshMatch1.5.0

f5nginx_service_meshMatch1.6.0

f5nginx_service_meshMatch1.7.0

f5nginx_service_meshMatch2.0.0

f5nginxMatch1.27.0

f5nginxMatch1.28.0

f5nginxMatch1.29.0

f5nginxMatch1.30.0

f5nginxMatch1.31.0

f5nginxMatch1.31.1

f5nginxMatch1.32.0

f5nginxMatch1.32.1

f5f5os-aMatch1.5.1

f5f5os-aMatch1.5.2

f5f5os-aMatch1.7.0

f5f5os-cMatch1.6.0

f5f5os-cMatch1.6.1

f5f5os-cMatch1.6.2

f5big-iq_centralized_managementMatch8.2.0

f5big-iq_centralized_managementMatch8.3.0

f5big-ip_ddos_hybrid_defenderMatch15.1.0

f5big-ip_ddos_hybrid_defenderMatch15.1.1

f5big-ip_ddos_hybrid_defenderMatch16.1.0

f5big-ip_ddos_hybrid_defenderMatch17.1.0

f5ssl_orchestratorMatch15.1.0

f5ssl_orchestratorMatch15.1.1

f5ssl_orchestratorMatch15.1.9

f5ssl_orchestratorMatch16.1.0

f5ssl_orchestratorMatch16.1.1

f5ssl_orchestratorMatch16.1.3

f5ssl_orchestratorMatch16.1.4

f5ssl_orchestratorMatch17.1.0

f5ssl_orchestratorMatch17.1.1

f5traffix_signaling_delivery_controllerMatch5.1.0

f5traffix_signaling_delivery_controllerMatch5.2.0

VendorProductVersionCPE
f5big-ip_next_central_manager20.2.0cpe:2.3:a:f5:big-ip_next_central_manager:20.2.0:*:*:*:*:*:*:*
f5big-ip_next_central_manager20.2.1cpe:2.3:a:f5:big-ip_next_central_manager:20.2.1:*:*:*:*:*:*:*
f5big-ip_next1.1.0cpe:2.3:a:f5:big-ip_next:1.1.0:*:*:*:*:*:*:*
f5big-ip_next1.1.1cpe:2.3:a:f5:big-ip_next:1.1.1:*:*:*:*:*:*:*
f5big-ip_next1.2.0cpe:2.3:a:f5:big-ip_next:1.2.0:*:*:*:*:*:*:*
f5big-ip_next1.2.1cpe:2.3:a:f5:big-ip_next:1.2.1:*:*:*:*:*:*:*
f5big-ip_next1.3.0cpe:2.3:a:f5:big-ip_next:1.3.0:*:*:*:*:*:*:*
f5big-ip_next1.3.1cpe:2.3:a:f5:big-ip_next:1.3.1:*:*:*:*:*:*:*
f5big-ip_ltm20.2.0cpe:2.3:a:f5:big-ip_ltm:20.2.0:*:*:*:*:*:*:*
f5big-ip_ltm20.2.1cpe:2.3:a:f5:big-ip_ltm:20.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_next_central_manager	20.2.0	cpe:2.3:a:f5:big-ip_next_central_manager:20.2.0:::::::*
f5	big-ip_next_central_manager	20.2.1	cpe:2.3:a:f5:big-ip_next_central_manager:20.2.1:::::::*
f5	big-ip_next	1.1.0	cpe:2.3:a:f5:big-ip_next:1.1.0:::::::*
f5	big-ip_next	1.1.1	cpe:2.3:a:f5:big-ip_next:1.1.1:::::::*
f5	big-ip_next	1.2.0	cpe:2.3:a:f5:big-ip_next:1.2.0:::::::*
f5	big-ip_next	1.2.1	cpe:2.3:a:f5:big-ip_next:1.2.1:::::::*
f5	big-ip_next	1.3.0	cpe:2.3:a:f5:big-ip_next:1.3.0:::::::*
f5	big-ip_next	1.3.1	cpe:2.3:a:f5:big-ip_next:1.3.1:::::::*
f5	big-ip_ltm	20.2.0	cpe:2.3:a:f5:big-ip_ltm:20.2.0:::::::*
f5	big-ip_ltm	20.2.1	cpe:2.3:a:f5:big-ip_ltm:20.2.1:::::::*