{"id":"CVE-2024-7264","details":"libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given a syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.","aliases":["CURL-CVE-2024-7264"],"modified":"2026-04-12T17:29:17.171135Z","published":"2024-07-31T08:15:02.657Z","related":["ALSA-2025:1671","ALSA-2025:1673","CGA-m2jp-pm2h-j34f","SUSE-SU-2024:2784-1","SUSE-SU-2024:2930-1","SUSE-SU-2024:2938-1","SUSE-SU-2024:3080-1","SUSE-SU-2024:3080-2","SUSE-SU-2024:3202-1","SUSE-SU-2025:20029-1","openSUSE-SU-2024:14261-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241025-0006/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241025-0010/"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2024-7264.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2024-7264.json"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240828-0008/"},{"type":"REPORT","url":"https://hackerone.com/reports/2629968"},{"type":"FIX","url":"https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/07/31/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"70812c2f32fc5734bcbbe572b9f61c380433ad6a"},{"fixed":"83bedbd730d62b83744cc26fa0433d3f6e2e4cd6"},{"fixed":"27959ecce75cdb2809c0bdb3286e60e08fadb519"}],"database_specific":{"versions":[{"introduced":"7.32.0"},{"fixed":"8.9.1"}]}}],"versions":["curl-7_32_0","curl-7_33_0","curl-7_34_0","curl-7_35_0","curl-7_
36_0","curl-7_37_0","curl-7_37_1","curl-7_38_0","curl-7_39_0","curl-7_40_0","curl-7_41_0","curl-7_42_0","curl-7_43_0","curl-7_44_0","curl-7_45_0","curl-7_46_0","curl-7_47_0","curl-7_47_1","curl-7_48_0","curl-7_49_0","curl-7_49_1","curl-7_50_0","curl-7_50_1","curl-7_50_2","curl-7_50_3","curl-7_51_0","curl-7_52_0","curl-7_52_1","curl-7_53_0","curl-7_53_1","curl-7_54_0","curl-7_54_1","curl-7_55_0","curl-7_55_1","curl-7_56_0","curl-7_56_1","curl-7_57_0","curl-7_58_0","curl-7_59_0","curl-7_60_0","curl-7_61_0","curl-7_61_1","curl-7_62_0","curl-7_63_0","curl-7_64_0","curl-7_64_1","curl-7_65_0","curl-7_65_1","curl-7_65_2","curl-7_65_3","curl-7_66_0","curl-7_67_0","curl-7_68_0","curl-7_69_0","curl-7_69_1","curl-7_70_0","curl-7_71_0","curl-7_71_1","curl-7_72_0","curl-7_73_0","curl-7_74_0","curl-7_75_0","curl-7_76_0","curl-7_76_1","curl-7_77_0","curl-7_78_0","curl-7_79_0","curl-7_79_1","curl-7_80_0","curl-7_81_0","curl-7_82_0","curl-7_83_0","curl-7_83_1","curl-7_84_0","curl-7_85_0","curl-7_86_0","curl-7_87_0","curl-7_88_0","curl-7_88_1","curl-8_0_0","curl-8_0_1","curl-8_1_0","curl-8_1_1","curl-8_1_2","curl-8_2_0","curl-8_2_1","curl-8_3_0","curl-8_4_0","curl-8_5_0","curl-8_6_0","curl-8_7_0","curl-8_7_1","curl-8_8_0","curl-8_9_0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7264.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2024-7264-357d5c8a","source":"https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519","deprecated":false,"signature_type":"Function","target":{"file":"lib/vtls/x509asn1.c","function":"GTime2str"},"digest":{"function_hash":"44391705612524364774368042722019714327","length":1104}},{"signature_version":"v1","id":"CVE-2024-7264-67821506","source":"https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519","deprecated":false,"signature_type":"Line","target":{"file":"lib/vtls/x509asn1.h"},"digest":{"line_hashes":["95126134743640794896963096731829227697",
"144779354657065835501752563488437428604","317072365810900046882446524785076944464"],"threshold":0.9}},{"signature_version":"v1","id":"CVE-2024-7264-d42afa67","source":"https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519","deprecated":false,"signature_type":"Line","target":{"file":"lib/vtls/x509asn1.c"},"digest":{"line_hashes":["225876056498704765845877006559546262300","176423151054548165360750876540677858194","289668165175774764560448522829877424639","242644217041992152321989115265215972879","268532454690515376590998156180152951206","310272947232416495089203242947839935684","301038965153660893262258651624092148049","32862098234719251992637084107481093688","220300149285119356296593497329560454543","303852349410960188254824451623453671590","9591007534432890142340230746602368870","275271375232490080563785528446164228624","17377905258464721812210095822744909001","42362003463451388804118331388589612087","32253411418572657241631111414545383706","98035622866023045045478393730663191063","296432699133742590980654626491505239460","230280919300164717500587727305278940390","25538375731885481183170371639755625079","267395533405182516326850447821945556602","213019383524148410116549292298220134339","239491207639922602422962646100192763644","262405149748443976684945419827080942246","108788281347994535860029351021890880673","313863988834971745022596417113198128543","17971457333675315949877802435449047435"],"threshold":0.9}}],"vanir_signatures_modified":"2026-04-12T17:29:17Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}