CVE-2024-7264 - Vulnerability Details

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Haxx	Libcurl
Redhat	Enterprise Linux Service Mesh

Configuration 1 [-]

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
mysql:8.0-8100020250212154709.489197e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:1673	2025-02-19T00:00:00Z
Red Hat Enterprise Linux 9
mysql-0:8.0.41-2.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:1671	2025-02-19T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.6.2-4	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-rhel8-operator:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-ossmc-rhel8:1.89.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.89.4-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8-operator:1.89.6-1	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 9
openshift-service-mesh/proxyv2-rhel9:2.6.2-7	cpe:/a:redhat:service_mesh:2.6::el9	RHSA-2024:7726	2024-10-07T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/07/31/1
https://curl.se/docs/CVE-2024-7264.html
https://curl.se/docs/CVE-2024-7264.json
https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519
https://hackerone.com/reports/2629968
https://nvd.nist.gov/vuln/detail/CVE-2024-7264
https://security.netapp.com/advisory/ntap-20240828-0008/
https://www.cve.org/CVERecord?id=CVE-2024-7264
https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL

History

Thu, 20 Feb 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Wed, 19 Feb 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat enterprise Linux

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519 https://security.netapp.com/advisory/ntap-20240828-0008/

Wed, 30 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
References	https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519 https://security.netapp.com/advisory/ntap-20240828-0008/
Metrics	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}`

Wed, 16 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
References		https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL

Tue, 08 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat service Mesh
CPEs		cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9
Vendors & Products		Redhat Redhat service Mesh

Wed, 28 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240828-0008/

Mon, 12 Aug 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Haxx Haxx libcurl
CPEs		cpe:2.3:a:haxx:libcurl::::::::
Vendors & Products		Haxx Haxx libcurl
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Wed, 07 Aug 2024 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
References		https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.cve.org/CVERecord?id=CVE-2024-7264
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H'}` threat_severity `Low`

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2024-07-31T08:08:14.585Z

Updated: 2025-02-13T17:58:03.375Z

Reserved: 2024-07-30T08:04:22.389Z

Link: CVE-2024-7264

Vulnrichment

Updated: 2024-08-28T15:02:52.325Z

NVD

Status : Modified

Published: 2024-07-31T08:15:02.657

Modified: 2024-11-21T09:51:10.360

Link: CVE-2024-7264

Redhat

Severity : Low

Publid Date: 2024-07-31T00:00:00Z

Links: CVE-2024-7264 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-7264", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "state": "PUBLISHED", "assignerShortName": "curl", "dateReserved": "2024-07-30T08:04:22.389Z", "datePublished": "2024-07-31T08:08:14.585Z", "dateUpdated": "2025-02-13T17:58:03.375Z"}, "containers": {"cna": {"title": "ASN.1 date parser overread", "descriptions": [{"lang": "en", "value": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used."}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2024-07-31T08:10:08.639Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"version": "8.9.0", "status": "affected", "lessThanOrEqual": "8.9.0", "versionType": "semver"}, {"version": "8.8.0", "status": "affected", "lessThanOrEqual": "8.8.0", "versionType": "semver"}, {"version": "8.7.1", "status": "affected", "lessThanOrEqual": "8.7.1", "versionType": "semver"}, {"version": "8.7.0", "status": "affected", "lessThanOrEqual": "8.7.0", "versionType": "semver"}, {"version": "8.6.0", "status": "affected", "lessThanOrEqual": "8.6.0", "versionType": "semver"}, {"version": "8.5.0", "status": "affected", "lessThanOrEqual": "8.5.0", "versionType": "semver"}, {"version": "8.4.0", "status": "affected", "lessThanOrEqual": "8.4.0", "versionType": "semver"}, {"version": "8.3.0", "status": "affected", "lessThanOrEqual": "8.3.0", "versionType": "semver"}, {"version": "8.2.1", "status": "affected", "lessThanOrEqual": "8.2.1", "versionType": "semver"}, {"version": "8.2.0", "status": "affected", "lessThanOrEqual": "8.2.0", "versionType": "semver"}, {"version": "8.1.2", "status": "affected", "lessThanOrEqual": "8.1.2", "versionType": "semver"}, {"version": "8.1.1", "status": "affected", "lessThanOrEqual": "8.1.1", "versionType": "semver"}, {"version": "8.1.0", "status": "affected", "lessThanOrEqual": "8.1.0", "versionType": "semver"}, {"version": "8.0.1", "status": "affected", "lessThanOrEqual": "8.0.1", "versionType": "semver"}, {"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.0.0", "versionType": "semver"}, {"version": "7.88.1", "status": "affected", "lessThanOrEqual": "7.88.1", "versionType": "semver"}, {"version": "7.88.0", "status": "affected", "lessThanOrEqual": "7.88.0", "versionType": "semver"}, {"version": "7.87.0", "status": "affected", "lessThanOrEqual": "7.87.0", "versionType": "semver"}, {"version": "7.86.0", "status": "affected", "lessThanOrEqual": "7.86.0", "versionType": "semver"}, {"version": "7.85.0", "status": "affected", "lessThanOrEqual": "7.85.0", "versionType": "semver"}, {"version": "7.84.0", "status": "affected", "lessThanOrEqual": "7.84.0", "versionType": "semver"}, {"version": "7.83.1", "status": "affected", "lessThanOrEqual": "7.83.1", "versionType": "semver"}, {"version": "7.83.0", "status": "affected", "lessThanOrEqual": "7.83.0", "versionType": "semver"}, {"version": "7.82.0", "status": "affected", "lessThanOrEqual": "7.82.0", "versionType": "semver"}, {"version": "7.81.0", "status": "affected", "lessThanOrEqual": "7.81.0", "versionType": "semver"}, {"version": "7.80.0", "status": "affected", "lessThanOrEqual": "7.80.0", "versionType": "semver"}, {"version": "7.79.1", "status": "affected", "lessThanOrEqual": "7.79.1", "versionType": "semver"}, {"version": "7.79.0", "status": "affected", "lessThanOrEqual": "7.79.0", "versionType": "semver"}, {"version": "7.78.0", "status": "affected", "lessThanOrEqual": "7.78.0", "versionType": "semver"}, {"version": "7.77.0", "status": "affected", "lessThanOrEqual": "7.77.0", "versionType": "semver"}, {"version": "7.76.1", "status": "affected", "lessThanOrEqual": "7.76.1", "versionType": "semver"}, {"version": "7.76.0", "status": "affected", "lessThanOrEqual": "7.76.0", "versionType": "semver"}, {"version": "7.75.0", "status": "affected", "lessThanOrEqual": "7.75.0", "versionType": "semver"}, {"version": "7.74.0", "status": "affected", "lessThanOrEqual": "7.74.0", "versionType": "semver"}, {"version": "7.73.0", "status": "affected", "lessThanOrEqual": "7.73.0", "versionType": "semver"}, {"version": "7.72.0", "status": "affected", "lessThanOrEqual": "7.72.0", "versionType": "semver"}, {"version": "7.71.1", "status": "affected", "lessThanOrEqual": "7.71.1", "versionType": "semver"}, {"version": "7.71.0", "status": "affected", "lessThanOrEqual": "7.71.0", "versionType": "semver"}, {"version": "7.70.0", "status": "affected", "lessThanOrEqual": "7.70.0", "versionType": "semver"}, {"version": "7.69.1", "status": "affected", "lessThanOrEqual": "7.69.1", "versionType": "semver"}, {"version": "7.69.0", "status": "affected", "lessThanOrEqual": "7.69.0", "versionType": "semver"}, {"version": "7.68.0", "status": "affected", "lessThanOrEqual": "7.68.0", "versionType": "semver"}, {"version": "7.67.0", "status": "affected", "lessThanOrEqual": "7.67.0", "versionType": "semver"}, {"version": "7.66.0", "status": "affected", "lessThanOrEqual": "7.66.0", "versionType": "semver"}, {"version": "7.65.3", "status": "affected", "lessThanOrEqual": "7.65.3", "versionType": "semver"}, {"version": "7.65.2", "status": "affected", "lessThanOrEqual": "7.65.2", "versionType": "semver"}, {"version": "7.65.1", "status": "affected", "lessThanOrEqual": "7.65.1", "versionType": "semver"}, {"version": "7.65.0", "status": "affected", "lessThanOrEqual": "7.65.0", "versionType": "semver"}, {"version": "7.64.1", "status": "affected", "lessThanOrEqual": "7.64.1", "versionType": "semver"}, {"version": "7.64.0", "status": "affected", "lessThanOrEqual": "7.64.0", "versionType": "semver"}, {"version": "7.63.0", "status": "affected", "lessThanOrEqual": "7.63.0", "versionType": "semver"}, {"version": "7.62.0", "status": "affected", "lessThanOrEqual": "7.62.0", "versionType": "semver"}, {"version": "7.61.1", "status": "affected", "lessThanOrEqual": "7.61.1", "versionType": "semver"}, {"version": "7.61.0", "status": "affected", "lessThanOrEqual": "7.61.0", "versionType": "semver"}, {"version": "7.60.0", "status": "affected", "lessThanOrEqual": "7.60.0", "versionType": "semver"}, {"version": "7.59.0", "status": "affected", "lessThanOrEqual": "7.59.0", "versionType": "semver"}, {"version": "7.58.0", "status": "affected", "lessThanOrEqual": "7.58.0", "versionType": "semver"}, {"version": "7.57.0", "status": "affected", "lessThanOrEqual": "7.57.0", "versionType": "semver"}, {"version": "7.56.1", "status": "affected", "lessThanOrEqual": "7.56.1", "versionType": "semver"}, {"version": "7.56.0", "status": "affected", "lessThanOrEqual": "7.56.0", "versionType": "semver"}, {"version": "7.55.1", "status": "affected", "lessThanOrEqual": "7.55.1", "versionType": "semver"}, {"version": "7.55.0", "status": "affected", "lessThanOrEqual": "7.55.0", "versionType": "semver"}, {"version": "7.54.1", "status": "affected", "lessThanOrEqual": "7.54.1", "versionType": "semver"}, {"version": "7.54.0", "status": "affected", "lessThanOrEqual": "7.54.0", "versionType": "semver"}, {"version": "7.53.1", "status": "affected", "lessThanOrEqual": "7.53.1", "versionType": "semver"}, {"version": "7.53.0", "status": "affected", "lessThanOrEqual": "7.53.0", "versionType": "semver"}, {"version": "7.52.1", "status": "affected", "lessThanOrEqual": "7.52.1", "versionType": "semver"}, {"version": "7.52.0", "status": "affected", "lessThanOrEqual": "7.52.0", "versionType": "semver"}, {"version": "7.51.0", "status": "affected", "lessThanOrEqual": "7.51.0", "versionType": "semver"}, {"version": "7.50.3", "status": "affected", "lessThanOrEqual": "7.50.3", "versionType": "semver"}, {"version": "7.50.2", "status": "affected", "lessThanOrEqual": "7.50.2", "versionType": "semver"}, {"version": "7.50.1", "status": "affected", "lessThanOrEqual": "7.50.1", "versionType": "semver"}, {"version": "7.50.0", "status": "affected", "lessThanOrEqual": "7.50.0", "versionType": "semver"}, {"version": "7.49.1", "status": "affected", "lessThanOrEqual": "7.49.1", "versionType": "semver"}, {"version": "7.49.0", "status": "affected", "lessThanOrEqual": "7.49.0", "versionType": "semver"}, {"version": "7.48.0", "status": "affected", "lessThanOrEqual": "7.48.0", "versionType": "semver"}, {"version": "7.47.1", "status": "affected", "lessThanOrEqual": "7.47.1", "versionType": "semver"}, {"version": "7.47.0", "status": "affected", "lessThanOrEqual": "7.47.0", "versionType": "semver"}, {"version": "7.46.0", "status": "affected", "lessThanOrEqual": "7.46.0", "versionType": "semver"}, {"version": "7.45.0", "status": "affected", "lessThanOrEqual": "7.45.0", "versionType": "semver"}, {"version": "7.44.0", "status": "affected", "lessThanOrEqual": "7.44.0", "versionType": "semver"}, {"version": "7.43.0", "status": "affected", "lessThanOrEqual": "7.43.0", "versionType": "semver"}, {"version": "7.42.1", "status": "affected", "lessThanOrEqual": "7.42.1", "versionType": "semver"}, {"version": "7.42.0", "status": "affected", "lessThanOrEqual": "7.42.0", "versionType": "semver"}, {"version": "7.41.0", "status": "affected", "lessThanOrEqual": "7.41.0", "versionType": "semver"}, {"version": "7.40.0", "status": "affected", "lessThanOrEqual": "7.40.0", "versionType": "semver"}, {"version": "7.39.0", "status": "affected", "lessThanOrEqual": "7.39.0", "versionType": "semver"}, {"version": "7.38.0", "status": "affected", "lessThanOrEqual": "7.38.0", "versionType": "semver"}, {"version": "7.37.1", "status": "affected", "lessThanOrEqual": "7.37.1", "versionType": "semver"}, {"version": "7.37.0", "status": "affected", "lessThanOrEqual": "7.37.0", "versionType": "semver"}, {"version": "7.36.0", "status": "affected", "lessThanOrEqual": "7.36.0", "versionType": "semver"}, {"version": "7.35.0", "status": "affected", "lessThanOrEqual": "7.35.0", "versionType": "semver"}, {"version": "7.34.0", "status": "affected", "lessThanOrEqual": "7.34.0", "versionType": "semver"}, {"version": "7.33.0", "status": "affected", "lessThanOrEqual": "7.33.0", "versionType": "semver"}, {"version": "7.32.0", "status": "affected", "lessThanOrEqual": "7.32.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2024-7264.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2024-7264.html", "name": "www"}, {"url": "https://hackerone.com/reports/2629968", "name": "issue"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/31/1"}], "credits": [{"lang": "en", "value": "Dov Murik (Transmit Security)", "type": "finder"}, {"lang": "en", "value": "Stefan Eissing", "type": "remediation developer"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"}, {"tags": ["x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/07/31/1"}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0008/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:52.325Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T20:05:41.315706Z", "id": "CVE-2024-7264", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T19:41:40.489Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/31/1", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0008/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:52.325Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-7264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T20:05:41.315706Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T20:05:50.351Z"}}], "cna": {"title": "ASN.1 date parser overread", "credits": [{"lang": "en", "type": "finder", "value": "Dov Murik (Transmit Security)"}, {"lang": "en", "type": "remediation developer", "value": "Stefan Eissing"}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"status": "affected", "version": "8.9.0", "versionType": "semver", "lessThanOrEqual": "8.9.0"}, {"status": "affected", "version": "8.8.0", "versionType": "semver", "lessThanOrEqual": "8.8.0"}, {"status": "affected", "version": "8.7.1", "versionType": "semver", "lessThanOrEqual": "8.7.1"}, {"status": "affected", "version": "8.7.0", "versionType": "semver", "lessThanOrEqual": "8.7.0"}, {"status": "affected", "version": "8.6.0", "versionType": "semver", "lessThanOrEqual": "8.6.0"}, {"status": "affected", "version": "8.5.0", "versionType": "semver", "lessThanOrEqual": "8.5.0"}, {"status": "affected", "version": "8.4.0", "versionType": "semver", "lessThanOrEqual": "8.4.0"}, {"status": "affected", "version": "8.3.0", "versionType": "semver", "lessThanOrEqual": "8.3.0"}, {"status": "affected", "version": "8.2.1", "versionType": "semver", "lessThanOrEqual": "8.2.1"}, {"status": "affected", "version": "8.2.0", "versionType": "semver", "lessThanOrEqual": "8.2.0"}, {"status": "affected", "version": "8.1.2", "versionType": "semver", "lessThanOrEqual": "8.1.2"}, {"status": "affected", "version": "8.1.1", "versionType": "semver", "lessThanOrEqual": "8.1.1"}, {"status": "affected", "version": "8.1.0", "versionType": "semver", "lessThanOrEqual": "8.1.0"}, {"status": "affected", "version": "8.0.1", "versionType": "semver", "lessThanOrEqual": "8.0.1"}, {"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.0.0"}, {"status": "affected", "version": "7.88.1", "versionType": "semver", "lessThanOrEqual": "7.88.1"}, {"status": "affected", "version": "7.88.0", "versionType": "semver", "lessThanOrEqual": "7.88.0"}, {"status": "affected", "version": "7.87.0", "versionType": "semver", "lessThanOrEqual": "7.87.0"}, {"status": "affected", "version": "7.86.0", "versionType": "semver", "lessThanOrEqual": "7.86.0"}, {"status": "affected", "version": "7.85.0", "versionType": "semver", "lessThanOrEqual": "7.85.0"}, {"status": "affected", "version": "7.84.0", "versionType": "semver", "lessThanOrEqual": "7.84.0"}, {"status": "affected", "version": "7.83.1", "versionType": "semver", "lessThanOrEqual": "7.83.1"}, {"status": "affected", "version": "7.83.0", "versionType": "semver", "lessThanOrEqual": "7.83.0"}, {"status": "affected", "version": "7.82.0", "versionType": "semver", "lessThanOrEqual": "7.82.0"}, {"status": "affected", "version": "7.81.0", "versionType": "semver", "lessThanOrEqual": "7.81.0"}, {"status": "affected", "version": "7.80.0", "versionType": "semver", "lessThanOrEqual": "7.80.0"}, {"status": "affected", "version": "7.79.1", "versionType": "semver", "lessThanOrEqual": "7.79.1"}, {"status": "affected", "version": "7.79.0", "versionType": "semver", "lessThanOrEqual": "7.79.0"}, {"status": "affected", "version": "7.78.0", "versionType": "semver", "lessThanOrEqual": "7.78.0"}, {"status": "affected", "version": "7.77.0", "versionType": "semver", "lessThanOrEqual": "7.77.0"}, {"status": "affected", "version": "7.76.1", "versionType": "semver", "lessThanOrEqual": "7.76.1"}, {"status": "affected", "version": "7.76.0", "versionType": "semver", "lessThanOrEqual": "7.76.0"}, {"status": "affected", "version": "7.75.0", "versionType": "semver", "lessThanOrEqual": "7.75.0"}, {"status": "affected", "version": "7.74.0", "versionType": "semver", "lessThanOrEqual": "7.74.0"}, {"status": "affected", "version": "7.73.0", "versionType": "semver", "lessThanOrEqual": "7.73.0"}, {"status": "affected", "version": "7.72.0", "versionType": "semver", "lessThanOrEqual": "7.72.0"}, {"status": "affected", "version": "7.71.1", "versionType": "semver", "lessThanOrEqual": "7.71.1"}, {"status": "affected", "version": "7.71.0", "versionType": "semver", "lessThanOrEqual": "7.71.0"}, {"status": "affected", "version": "7.70.0", "versionType": "semver", "lessThanOrEqual": "7.70.0"}, {"status": "affected", "version": "7.69.1", "versionType": "semver", "lessThanOrEqual": "7.69.1"}, {"status": "affected", "version": "7.69.0", "versionType": "semver", "lessThanOrEqual": "7.69.0"}, {"status": "affected", "version": "7.68.0", "versionType": "semver", "lessThanOrEqual": "7.68.0"}, {"status": "affected", "version": "7.67.0", "versionType": "semver", "lessThanOrEqual": "7.67.0"}, {"status": "affected", "version": "7.66.0", "versionType": "semver", "lessThanOrEqual": "7.66.0"}, {"status": "affected", "version": "7.65.3", "versionType": "semver", "lessThanOrEqual": "7.65.3"}, {"status": "affected", "version": "7.65.2", "versionType": "semver", "lessThanOrEqual": "7.65.2"}, {"status": "affected", "version": "7.65.1", "versionType": "semver", "lessThanOrEqual": "7.65.1"}, {"status": "affected", "version": "7.65.0", "versionType": "semver", "lessThanOrEqual": "7.65.0"}, {"status": "affected", "version": "7.64.1", "versionType": "semver", "lessThanOrEqual": "7.64.1"}, {"status": "affected", "version": "7.64.0", "versionType": "semver", "lessThanOrEqual": "7.64.0"}, {"status": "affected", "version": "7.63.0", "versionType": "semver", "lessThanOrEqual": "7.63.0"}, {"status": "affected", "version": "7.62.0", "versionType": "semver", "lessThanOrEqual": "7.62.0"}, {"status": "affected", "version": "7.61.1", "versionType": "semver", "lessThanOrEqual": "7.61.1"}, {"status": "affected", "version": "7.61.0", "versionType": "semver", "lessThanOrEqual": "7.61.0"}, {"status": "affected", "version": "7.60.0", "versionType": "semver", "lessThanOrEqual": "7.60.0"}, {"status": "affected", "version": "7.59.0", "versionType": "semver", "lessThanOrEqual": "7.59.0"}, {"status": "affected", "version": "7.58.0", "versionType": "semver", "lessThanOrEqual": "7.58.0"}, {"status": "affected", "version": "7.57.0", "versionType": "semver", "lessThanOrEqual": "7.57.0"}, {"status": "affected", "version": "7.56.1", "versionType": "semver", "lessThanOrEqual": "7.56.1"}, {"status": "affected", "version": "7.56.0", "versionType": "semver", "lessThanOrEqual": "7.56.0"}, {"status": "affected", "version": "7.55.1", "versionType": "semver", "lessThanOrEqual": "7.55.1"}, {"status": "affected", "version": "7.55.0", "versionType": "semver", "lessThanOrEqual": "7.55.0"}, {"status": "affected", "version": "7.54.1", "versionType": "semver", "lessThanOrEqual": "7.54.1"}, {"status": "affected", "version": "7.54.0", "versionType": "semver", "lessThanOrEqual": "7.54.0"}, {"status": "affected", "version": "7.53.1", "versionType": "semver", "lessThanOrEqual": "7.53.1"}, {"status": "affected", "version": "7.53.0", "versionType": "semver", "lessThanOrEqual": "7.53.0"}, {"status": "affected", "version": "7.52.1", "versionType": "semver", "lessThanOrEqual": "7.52.1"}, {"status": "affected", "version": "7.52.0", "versionType": "semver", "lessThanOrEqual": "7.52.0"}, {"status": "affected", "version": "7.51.0", "versionType": "semver", "lessThanOrEqual": "7.51.0"}, {"status": "affected", "version": "7.50.3", "versionType": "semver", "lessThanOrEqual": "7.50.3"}, {"status": "affected", "version": "7.50.2", "versionType": "semver", "lessThanOrEqual": "7.50.2"}, {"status": "affected", "version": "7.50.1", "versionType": "semver", "lessThanOrEqual": "7.50.1"}, {"status": "affected", "version": "7.50.0", "versionType": "semver", "lessThanOrEqual": "7.50.0"}, {"status": "affected", "version": "7.49.1", "versionType": "semver", "lessThanOrEqual": "7.49.1"}, {"status": "affected", "version": "7.49.0", "versionType": "semver", "lessThanOrEqual": "7.49.0"}, {"status": "affected", "version": "7.48.0", "versionType": "semver", "lessThanOrEqual": "7.48.0"}, {"status": "affected", "version": "7.47.1", "versionType": "semver", "lessThanOrEqual": "7.47.1"}, {"status": "affected", "version": "7.47.0", "versionType": "semver", "lessThanOrEqual": "7.47.0"}, {"status": "affected", "version": "7.46.0", "versionType": "semver", "lessThanOrEqual": "7.46.0"}, {"status": "affected", "version": "7.45.0", "versionType": "semver", "lessThanOrEqual": "7.45.0"}, {"status": "affected", "version": "7.44.0", "versionType": "semver", "lessThanOrEqual": "7.44.0"}, {"status": "affected", "version": "7.43.0", "versionType": "semver", "lessThanOrEqual": "7.43.0"}, {"status": "affected", "version": "7.42.1", "versionType": "semver", "lessThanOrEqual": "7.42.1"}, {"status": "affected", "version": "7.42.0", "versionType": "semver", "lessThanOrEqual": "7.42.0"}, {"status": "affected", "version": "7.41.0", "versionType": "semver", "lessThanOrEqual": "7.41.0"}, {"status": "affected", "version": "7.40.0", "versionType": "semver", "lessThanOrEqual": "7.40.0"}, {"status": "affected", "version": "7.39.0", "versionType": "semver", "lessThanOrEqual": "7.39.0"}, {"status": "affected", "version": "7.38.0", "versionType": "semver", "lessThanOrEqual": "7.38.0"}, {"status": "affected", "version": "7.37.1", "versionType": "semver", "lessThanOrEqual": "7.37.1"}, {"status": "affected", "version": "7.37.0", "versionType": "semver", "lessThanOrEqual": "7.37.0"}, {"status": "affected", "version": "7.36.0", "versionType": "semver", "lessThanOrEqual": "7.36.0"}, {"status": "affected", "version": "7.35.0", "versionType": "semver", "lessThanOrEqual": "7.35.0"}, {"status": "affected", "version": "7.34.0", "versionType": "semver", "lessThanOrEqual": "7.34.0"}, {"status": "affected", "version": "7.33.0", "versionType": "semver", "lessThanOrEqual": "7.33.0"}, {"status": "affected", "version": "7.32.0", "versionType": "semver", "lessThanOrEqual": "7.32.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2024-7264.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2024-7264.html", "name": "www"}, {"url": "https://hackerone.com/reports/2629968", "name": "issue"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/31/1"}], "descriptions": [{"lang": "en", "value": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2024-07-31T08:10:08.639Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7264", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:58:03.375Z", "dateReserved": "2024-07-30T08:04:22.389Z", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "datePublished": "2024-07-31T08:08:14.585Z", "assignerShortName": "curl"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A578587B-41C6-48AE-B389-54B89C7116A4", "versionEndExcluding": "8.9.1", "versionStartIncluding": "7.32.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used."}, {"lang": "es", "value": "El c\u00f3digo del analizador ASN1 de libcurl tiene la funci\u00f3n `GTime2str()`, que se utiliza para analizar un campo de tiempo generalizado ASN.1. Si se proporciona un campo sint\u00e1cticamente incorrecto, el analizador puede terminar usando -1 para la longitud de la *time fraction*, lo que lleva a que se ejecute una `strlen()` en un puntero a un \u00e1rea de b\u00fafer de almacenamiento din\u00e1mico que no est\u00e1 (intencionadamente) terminada en nulo. Este fallo probablemente lleve a un bloqueo, pero tambi\u00e9n puede llevar a que se devuelvan contenidos del mont\u00f3n a la aplicaci\u00f3n cuando se utiliza [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html)."}], "id": "CVE-2024-7264", "lastModified": "2024-11-21T09:51:10.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-31T08:15:02.657", "references": [{"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/07/31/1"}, {"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2024-7264.html"}, {"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2024-7264.json"}, {"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "tags": ["Exploit", "Issue Tracking", "Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/2629968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/07/31/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240828-0008/"}], "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1673", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mysql:8.0-8100020250212154709.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1671", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "mysql-0:8.0.41-2.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/grafana-rhel8:2.6.2-3", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.6.2-5", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.6.2-4", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-rhel8-operator:2.6.2-5", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.89.2-3", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/kiali-rhel8:1.89.4-3", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/kiali-rhel8-operator:1.89.6-1", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/pilot-rhel8:2.6.2-5", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.6.2-3", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7726", "cpe": "cpe:/a:redhat:service_mesh:2.6::el9", "package": "openshift-service-mesh/proxyv2-rhel9:2.6.2-7", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 9", "release_date": "2024-10-07T00:00:00Z"}], "bugzilla": {"description": "curl: libcurl: ASN.1 date parser overread", "id": "2301888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-7264", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "mysql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Fix deferred", "package_name": "curl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-mysql80-mysql", "product_name": "Red Hat Software Collections"}], "public_date": "2024-07-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7264\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7264\nhttps://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL"], "statement": "The vulnerability is classified as low severity because it primarily results in a heap buffer over-read rather than a direct memory corruption or code execution risk. Since the ASN.1 parsing occurs after a successful TLS handshake, the malformed certificate must first bypass the TLS library's validation, which significantly reduces the likelihood of exploitation. \nAdditionally, the impact is limited to a potential crash or unintended heap data exposure through CURLINFO_CERTINFO, but not arbitrary code execution. The requirement for a specific TLS backend configuration and the controlled nature of the memory read further minimize its exploitability.", "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object