CVE-2024-6874 macidn punycode buffer overread

2024-07-2407:36:26

curl

github.com

cve-2024-6874

macidn

punycode

buffer overread

libcurl

url api

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

35.1%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

libcurl’s URL API function
curl_url_get() offers punycode
conversions, to and from IDN. Asking to convert a name that is exactly 256
bytes, libcurl ends up reading outside of a stack based buffer when built to
use the macidn IDN backend. The conversion function then fills up the
provided buffer exactly - but does not null terminate the string.

This flaw can lead to stack contents accidently getting returned as part of
the converted string.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:curl:libcurl:8.8.0:*:*:*:*:*:*:*"
    ],
    "vendor": "curl",
    "product": "libcurl",
    "versions": [
      {
        "status": "affected",
        "version": "8.8.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]