libcurl's URL API function
[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode
conversions, to and from IDN. Asking to convert a name that is exactly 256
bytes, libcurl ends up reading outside of a stack based buffer when built to
use the *macidn* IDN backend. The conversion function then fills up the
provided buffer exactly - but does not null terminate the string.
This flaw can lead to stack contents accidently getting returned as part of
the converted string.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 10 Sep 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Haxx
Haxx libcurl |
|
Weaknesses | CWE-125 | |
CPEs | cpe:2.3:a:haxx:libcurl:8.8.0:*:*:*:*:*:*:* | |
Vendors & Products |
Haxx
Haxx libcurl |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: curl
Published: 2024-07-24T07:36:26.887Z
Updated: 2024-08-22T18:03:17.766Z
Reserved: 2024-07-18T03:37:32.294Z
Link: CVE-2024-6874
Vulnrichment
Updated: 2024-08-01T21:45:38.111Z
NVD
Status : Modified
Published: 2024-07-24T08:15:03.413
Modified: 2024-11-21T09:50:26.493
Link: CVE-2024-6874
Redhat