{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-6874","assignerOrgId":"2499f714-1537-4658-8207-48ae4bb9eae9","state":"PUBLISHED","assignerShortName":"curl","dateReserved":"2024-07-18T03:37:32.294Z","datePublished":"2024-07-24T07:36:26.887Z","dateUpdated":"2025-02-13T17:58:00.151Z"},"containers":{"cna":{"title":"macidn punycode buffer overread","descriptions":[{"lang":"en","value":"libcurl's URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. When asked to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack-based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null terminate the string.\n\nThis flaw can lead to stack contents accidentally getting returned as part of\nthe converted string."}],"providerMetadata":{"orgId":"2499f714-1537-4658-8207-48ae4bb9eae9","shortName":"curl","dateUpdated":"2024-07-24T07:40:07.072Z"},"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-126 Buffer Over-read"}]}],"affected":[{"vendor":"curl","product":"curl","versions":[{"version":"8.8.0","status":"affected","lessThanOrEqual":"8.8.0","versionType":"semver"}],"defaultStatus":"unaffected"}],"references":[{"url":"https://curl.se/docs/CVE-2024-6874.json","name":"json"},{"url":"https://curl.se/docs/CVE-2024-6874.html","name":"www"},{"url":"https://hackerone.com/reports/2604391","name":"issue"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/24/2"}],"credits":[{"lang":"en","value":"z2_","type":"finder"},{"lang":"en","value":"z2_","type":"remediation developer"}]},"adp":[{"affected":[{"vendor":"curl","product":"libcurl","cpes":["cpe:2.3:a:curl:libcurl:8.8.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"8.8.0","status":"affected"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":3.1,"attackVector":"NETWORK","baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-07-24T16:13:40.560966Z","id":"CVE-2024-6874","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-24T16:25:51.575Z"}},{"title":"CVE Program Container","references":[{"url":"https://curl.se/docs/CVE-2024-6874.json","name":"json","tags":["x_transferred"]},{"url":"https://curl.se/docs/CVE-2024-6874.html","name":"www","tags":["x_transferred"]},{"url":"https://hackerone.com/reports/2604391","name":"issue","tags":["x_transferred"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/24/2","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20240822-0004/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-22T18:03:17.766Z"}}]},"dataVersion":"5.1"}