libcurl’s ASN1 parser code has the GTime2str() function, used for
parsing an ASN.1 Generalized Time field. If given a syntactically
incorrect field, the parser might end up using -1 for the length
of the time fraction, leading to a strlen() getting performed
on a pointer to a heap buffer area that is not (purposely) null
terminated. This flaw most likely leads to a crash, but can also
lead to heap contents getting returned to the application when
CURLINFO_CERTINFO is used.
Author | Note |
---|---|
rodrigo-zaiden | seems like it was introduced in commit 3a24cb7bc456366cbc3a03f7ab6d2576105a1f2d (version 7.32.0) |
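
The failure mode in the description above, shown from the defensive side as an added example (not libcurl's code): a splitter for a Generalized Time value that works only on an explicit byte length, never relies on a NUL terminator, and rejects a fraction separator with no digits instead of deriving a negative fraction length. The names `gtime_split` and `struct gtime_parts`, the trailing-zero trimming and the sample input are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type: slices into the caller's buffer, no copies. */
struct gtime_parts {
  const char *frac;  /* first fraction digit, NULL when there is no fraction */
  size_t frac_len;   /* fraction digits left after trimming trailing zeros */
  const char *tz;    /* start of the time-zone suffix */
  size_t tz_len;     /* bytes in the suffix, may be 0 */
};

static int is_digit(char c) { return c >= '0' && c <= '9'; }

/* Split exactly len bytes; returns 0 on success, -1 on a malformed field. */
int gtime_split(const char *beg, size_t len, struct gtime_parts *out)
{
  const char *end = beg + len;
  const char *p;
  size_t i;
  memset(out, 0, sizeof(*out));
  if(len < 10)
    return -1;
  for(i = 0; i < 10; i++)  /* YYYYMMDDHH is mandatory */
    if(!is_digit(beg[i]))
      return -1;
  p = beg + 10;
  /* optional minutes, then seconds: two digits each */
  for(i = 0; i < 2 && end - p >= 2 && is_digit(p[0]) && is_digit(p[1]); i++)
    p += 2;
  if(p < end && (*p == '.' || *p == ',')) {
    const char *f = ++p;
    while(p < end && is_digit(*p))
      p++;
    if(p == f)  /* separator without digits: reject, no negative length */
      return -1;
    out->frac = f;
    out->frac_len = (size_t)(p - f);  /* unsigned, always within [beg, end) */
    while(out->frac_len && f[out->frac_len - 1] == '0')
      out->frac_len--;
  }
  out->tz = p;
  out->tz_len = (size_t)(end - p);
  return 0;
}

int main(void)
{ /* constructed input: empty fraction, deliberately not NUL-terminated */
  const char bad[] = {'2','0','2','4','0','7','3','1','1','2','0','0','0','0','.','Z'};
  struct gtime_parts r;
  printf("%d\n", gtime_split(bad, sizeof(bad), &r));
  return 0;
}
```

Callers print the fraction with an explicit precision (for example `%.*s` with `frac_len`) rather than passing `frac` to anything that scans for a terminator.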