libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidently getting returned as part of the converted string.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 10 Sep 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Haxx
Haxx libcurl
Weaknesses CWE-125
CPEs cpe:2.3:a:haxx:libcurl:8.8.0:*:*:*:*:*:*:*
Vendors & Products Haxx
Haxx libcurl
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: curl

Published: 2024-07-24T07:36:26.887Z

Updated: 2024-08-22T18:03:17.766Z

Reserved: 2024-07-18T03:37:32.294Z

Link: CVE-2024-6874

cve-icon Vulnrichment

Updated: 2024-08-01T21:45:38.111Z

cve-icon NVD

Status : Modified

Published: 2024-07-24T08:15:03.413

Modified: 2024-11-21T09:50:26.493

Link: CVE-2024-6874

cve-icon Redhat

Severity : Low

Publid Date: 2024-07-24T00:00:00Z

Links: CVE-2024-6874 - Bugzilla