{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-7264","assignerOrgId":"2499f714-1537-4658-8207-48ae4bb9eae9","state":"PUBLISHED","assignerShortName":"curl","dateReserved":"2024-07-30T08:04:22.389Z","datePublished":"2024-07-31T08:08:14.585Z","dateUpdated":"2025-11-03T22:32:51.400Z"},"containers":{"cna":{"title":"ASN.1 date parser overread","descriptions":[{"lang":"en","value":"libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used."}],"providerMetadata":{"orgId":"2499f714-1537-4658-8207-48ae4bb9eae9","shortName":"curl","dateUpdated":"2024-07-31T08:10:08.639Z"},"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-125 Out-of-bounds Read"}]}],"affected":[{"vendor":"curl","product":"curl","versions":[{"version":"8.9.0","status":"affected","lessThanOrEqual":"8.9.0","versionType":"semver"},{"version":"8.8.0","status":"affected","lessThanOrEqual":"8.8.0","versionType":"semver"},{"version":"8.7.1","status":"affected","lessThanOrEqual":"8.7.1","versionType":"semver"},{"version":"8.7.0","status":"affected","lessThanOrEqual":"8.7.0","versionType":"semver"},{"version":"8.6.0","status":"affected","lessThanOrEqual":"8.6.0","versionType":"semver"},{"version":"8.5.0","status":"affected","lessThanOrEqual":"8.5.0","versionType":"semver"},{"version":"8.4.0","status":"affected","lessThanOrEqual":"8.4.0","versionType":"semver"},{"version":"8.3.0","status":"affected","lessThanOrEqual":"8.3.0","versionType":"semver"},{"version":"8.2.1","status":"affected","lessThanOrEqual":"8.2.1","versionType":"semver"},{"version":"8.2.0","status":"affected","lessThanOrEqual":"8.2.0","versionType":"semver"},{"version":"8.1.2","status":"affected","lessThanOrEqual":"8.1.2","versionType":"semver"},{"version":"8.1.1","status":"affected","lessThanOrEqual":"8.1.1","versionType":"semver"},{"version":"8.1.0","status":"affected","lessThanOrEqual":"8.1.0","versionType":"semver"},{"version":"8.0.1","status":"affected","lessThanOrEqual":"8.0.1","versionType":"semver"},{"version":"8.0.0","status":"affected","lessThanOrEqual":"8.0.0","versionType":"semver"},{"version":"7.88.1","status":"affected","lessThanOrEqual":"7.88.1","versionType":"semver"},{"version":"7.88.0","status":"affected","lessThanOrEqual":"7.88.0","versionType":"semver"},{"version":"7.87.0","status":"affected","lessThanOrEqual":"7.87.0","versionType":"semver"},{"version":"7.86.0","status":"affected","lessThanOrEqual":"7.86.0","versionType":"semver"},{"version":"7.85.0","status":"affected","lessThanOrEqual":"7.85.0","versionType":"semver"},{"version":"7.84.0","status":"affected","lessThanOrEqual":"7.84.0","versionType":"semver"},{"version":"7.83.1","status":"affected","lessThanOrEqual":"7.83.1","versionType":"semver"},{"version":"7.83.0","status":"affected","lessThanOrEqual":"7.83.0","versionType":"semver"},{"version":"7.82.0","status":"affected","lessThanOrEqual":"7.82.0","versionType":"semver"},{"version":"7.81.0","status":"affected","lessThanOrEqual":"7.81.0","versionType":"semver"},{"version":"7.80.0","status":"affected","lessThanOrEqual":"7.80.0","versionType":"semver"},{"version":"7.79.1","status":"affected","lessThanOrEqual":"7.79.1","versionType":"semver"},{"version":"7.79.0","status":"affected","lessThanOrEqual":"7.79.0","versionType":"semver"},{"version":"7.78.0","status":"affected","lessThanOrEqual":"7.78.0","versionType":"semver"},{"version":"7.77.0","status":"affected","lessThanOrEqual":"7.77.0","versionType":"semver"},{"version":"7.76.1","status":"affected","lessThanOrEqual":"7.76.1","versionType":"semver"},{"version":"7.76.0","status":"affected","lessThanOrEqual":"7.76.0","versionType":"semver"},{"version":"7.75.0","status":"affected","lessThanOrEqual":"7.75.0","versionType":"semver"},{"version":"7.74.0","status":"affected","lessThanOrEqual":"7.74.0","versionType":"semver"},{"version":"7.73.0","status":"affected","lessThanOrEqual":"7.73.0","versionType":"semver"},{"version":"7.72.0","status":"affected","lessThanOrEqual":"7.72.0","versionType":"semver"},{"version":"7.71.1","status":"affected","lessThanOrEqual":"7.71.1","versionType":"semver"},{"version":"7.71.0","status":"affected","lessThanOrEqual":"7.71.0","versionType":"semver"},{"version":"7.70.0","status":"affected","lessThanOrEqual":"7.70.0","versionType":"semver"},{"version":"7.69.1","status":"affected","lessThanOrEqual":"7.69.1","versionType":"semver"},{"version":"7.69.0","status":"affected","lessThanOrEqual":"7.69.0","versionType":"semver"},{"version":"7.68.0","status":"affected","lessThanOrEqual":"7.68.0","versionType":"semver"},{"version":"7.67.0","status":"affected","lessThanOrEqual":"7.67.0","versionType":"semver"},{"version":"7.66.0","status":"affected","lessThanOrEqual":"7.66.0","versionType":"semver"},{"version":"7.65.3","status":"affected","lessThanOrEqual":"7.65.3","versionType":"semver"},{"version":"7.65.2","status":"affected","lessThanOrEqual":"7.65.2","versionType":"semver"},{"version":"7.65.1","status":"affected","lessThanOrEqual":"7.65.1","versionType":"semver"},{"version":"7.65.0","status":"affected","lessThanOrEqual":"7.65.0","versionType":"semver"},{"version":"7.64.1","status":"affected","lessThanOrEqual":"7.64.1","versionType":"semver"},{"version":"7.64.0","status":"affected","lessThanOrEqual":"7.64.0","versionType":"semver"},{"version":"7.63.0","status":"affected","lessThanOrEqual":"7.63.0","versionType":"semver"},{"version":"7.62.0","status":"affected","lessThanOrEqual":"7.62.0","versionType":"semver"},{"version":"7.61.1","status":"affected","lessThanOrEqual":"7.61.1","versionType":"semver"},{"version":"7.61.0","status":"affected","lessThanOrEqual":"7.61.0","versionType":"semver"},{"version":"7.60.0","status":"affected","lessThanOrEqual":"7.60.0","versionType":"semver"},{"version":"7.59.0","status":"affected","lessThanOrEqual":"7.59.0","versionType":"semver"},{"version":"7.58.0","status":"affected","lessThanOrEqual":"7.58.0","versionType":"semver"},{"version":"7.57.0","status":"affected","lessThanOrEqual":"7.57.0","versionType":"semver"},{"version":"7.56.1","status":"affected","lessThanOrEqual":"7.56.1","versionType":"semver"},{"version":"7.56.0","status":"affected","lessThanOrEqual":"7.56.0","versionType":"semver"},{"version":"7.55.1","status":"affected","lessThanOrEqual":"7.55.1","versionType":"semver"},{"version":"7.55.0","status":"affected","lessThanOrEqual":"7.55.0","versionType":"semver"},{"version":"7.54.1","status":"affected","lessThanOrEqual":"7.54.1","versionType":"semver"},{"version":"7.54.0","status":"affected","lessThanOrEqual":"7.54.0","versionType":"semver"},{"version":"7.53.1","status":"affected","lessThanOrEqual":"7.53.1","versionType":"semver"},{"version":"7.53.0","status":"affected","lessThanOrEqual":"7.53.0","versionType":"semver"},{"version":"7.52.1","status":"affected","lessThanOrEqual":"7.52.1","versionType":"semver"},{"version":"7.52.0","status":"affected","lessThanOrEqual":"7.52.0","versionType":"semver"},{"version":"7.51.0","status":"affected","lessThanOrEqual":"7.51.0","versionType":"semver"},{"version":"7.50.3","status":"affected","lessThanOrEqual":"7.50.3","versionType":"semver"},{"version":"7.50.2","status":"affected","lessThanOrEqual":"7.50.2","versionType":"semver"},{"version":"7.50.1","status":"affected","lessThanOrEqual":"7.50.1","versionType":"semver"},{"version":"7.50.0","status":"affected","lessThanOrEqual":"7.50.0","versionType":"semver"},{"version":"7.49.1","status":"affected","lessThanOrEqual":"7.49.1","versionType":"semver"},{"version":"7.49.0","status":"affected","lessThanOrEqual":"7.49.0","versionType":"semver"},{"version":"7.48.0","status":"affected","lessThanOrEqual":"7.48.0","versionType":"semver"},{"version":"7.47.1","status":"affected","lessThanOrEqual":"7.47.1","versionType":"semver"},{"version":"7.47.0","status":"affected","lessThanOrEqual":"7.47.0","versionType":"semver"},{"version":"7.46.0","status":"affected","lessThanOrEqual":"7.46.0","versionType":"semver"},{"version":"7.45.0","status":"affected","lessThanOrEqual":"7.45.0","versionType":"semver"},{"version":"7.44.0","status":"affected","lessThanOrEqual":"7.44.0","versionType":"semver"},{"version":"7.43.0","status":"affected","lessThanOrEqual":"7.43.0","versionType":"semver"},{"version":"7.42.1","status":"affected","lessThanOrEqual":"7.42.1","versionType":"semver"},{"version":"7.42.0","status":"affected","lessThanOrEqual":"7.42.0","versionType":"semver"},{"version":"7.41.0","status":"affected","lessThanOrEqual":"7.41.0","versionType":"semver"},{"version":"7.40.0","status":"affected","lessThanOrEqual":"7.40.0","versionType":"semver"},{"version":"7.39.0","status":"affected","lessThanOrEqual":"7.39.0","versionType":"semver"},{"version":"7.38.0","status":"affected","lessThanOrEqual":"7.38.0","versionType":"semver"},{"version":"7.37.1","status":"affected","lessThanOrEqual":"7.37.1","versionType":"semver"},{"version":"7.37.0","status":"affected","lessThanOrEqual":"7.37.0","versionType":"semver"},{"version":"7.36.0","status":"affected","lessThanOrEqual":"7.36.0","versionType":"semver"},{"version":"7.35.0","status":"affected","lessThanOrEqual":"7.35.0","versionType":"semver"},{"version":"7.34.0","status":"affected","lessThanOrEqual":"7.34.0","versionType":"semver"},{"version":"7.33.0","status":"affected","lessThanOrEqual":"7.33.0","versionType":"semver"},{"version":"7.32.0","status":"affected","lessThanOrEqual":"7.32.0","versionType":"semver"}],"defaultStatus":"unaffected"}],"references":[{"url":"https://curl.se/docs/CVE-2024-7264.json","name":"json"},{"url":"https://curl.se/docs/CVE-2024-7264.html","name":"www"},{"url":"https://hackerone.com/reports/2629968","name":"issue"},{"url":"http://www.openwall.com/lists/oss-security/2024/07/31/1"}],"credits":[{"lang":"en","value":"Dov Murik (Transmit Security)","type":"finder"},{"lang":"en","value":"Stefan Eissing","type":"remediation developer"}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519"},{"tags":["x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/07/31/1"},{"url":"https://security.netapp.com/advisory/ntap-20240828-0008/"},{"url":"https://security.netapp.com/advisory/ntap-20241025-0010/"},{"url":"https://security.netapp.com/advisory/ntap-20241025-0006/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:32:51.400Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-01T20:05:41.315706Z","id":"CVE-2024-7264","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-30T19:41:40.489Z"}}]},"dataVersion":"5.2"}