CVE-2024-6197

Name
CVE-2024-6197
Description
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://curl.se/docs/CVE-2024-6197.json
https://curl.se/docs/CVE-2024-6197.html
https://hackerone.com/reports/2559516
http://www.openwall.com/lists/oss-security/2024/07/24/1
http://www.openwall.com/lists/oss-security/2024/07/24/5

Match rules

CPE URI Source package Min version Max version
curl >= 0 <= 8.8.0
curl >= 0 <= 8.7.1
curl >= 0 <= 8.7.0
curl >= 0 <= 8.6.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
curl edge-main 8.9.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl edge-main 8.7.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 8.6.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 8.5.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 8.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 8.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 8.1.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 8.0.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.88.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.87.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.86.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.85.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.84.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.83.1-r0 None possibly vulnerable
curl edge-main 7.83.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.79.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.78.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.77.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl edge-main 7.76.0-r0 None possibly vulnerable
curl edge-main 7.74.0-r0 None possibly vulnerable
curl edge-main 7.72.0-r0 None possibly vulnerable
curl edge-main 7.71.0-r0 None possibly vulnerable
curl edge-main 7.66.0-r0 None possibly vulnerable
curl edge-main 7.65.0-r0 None possibly vulnerable
curl edge-main 7.64.0-r0 None possibly vulnerable
curl edge-main 7.62.0-r0 None possibly vulnerable
curl edge-main 7.61.1-r0 None possibly vulnerable
curl edge-main 7.61.0-r0 None possibly vulnerable
curl edge-main 7.60.0-r0 None possibly vulnerable
curl edge-main 7.59.0-r0 None possibly vulnerable
curl edge-main 7.57.0-r0 None possibly vulnerable
curl edge-main 7.56.1-r0 None possibly vulnerable
curl edge-main 7.55.0-r0 None possibly vulnerable
curl edge-main 7.54.0-r0 None possibly vulnerable
curl edge-main 7.53.1-r2 None possibly vulnerable
curl edge-main 7.53.0-r0 None possibly vulnerable
curl edge-main 7.52.1-r0 None possibly vulnerable
curl edge-main 7.51.0-r0 None possibly vulnerable
curl edge-main 7.50.3-r0 None possibly vulnerable
curl edge-main 7.50.2-r0 None possibly vulnerable
curl edge-main 7.50.1-r0 None possibly vulnerable
curl edge-main 7.36.0-r0 None possibly vulnerable
curl 3.22-main 8.9.0-r0 None fixed
curl 3.22-main 8.7.1-r0 None possibly vulnerable
curl 3.22-main 8.6.0-r0 None possibly vulnerable
curl 3.22-main 8.5.0-r0 None possibly vulnerable
curl 3.22-main 8.4.0-r0 None possibly vulnerable
curl 3.22-main 8.3.0-r0 None possibly vulnerable
curl 3.22-main 8.1.0-r0 None possibly vulnerable
curl 3.22-main 8.0.0-r0 None possibly vulnerable
curl 3.22-main 7.88.0-r0 None possibly vulnerable
curl 3.22-main 7.87.0-r0 None possibly vulnerable
curl 3.22-main 7.86.0-r0 None possibly vulnerable
curl 3.22-main 7.85.0-r0 None possibly vulnerable
curl 3.22-main 7.84.0-r0 None possibly vulnerable
curl 3.22-main 7.83.1-r0 None possibly vulnerable
curl 3.22-main 7.83.0-r0 None possibly vulnerable
curl 3.22-main 7.79.0-r0 None possibly vulnerable
curl 3.22-main 7.78.0-r0 None possibly vulnerable
curl 3.22-main 7.77.0-r0 None possibly vulnerable
curl 3.22-main 7.76.0-r0 None possibly vulnerable
curl 3.22-main 7.74.0-r0 None possibly vulnerable
curl 3.22-main 7.72.0-r0 None possibly vulnerable
curl 3.22-main 7.71.0-r0 None possibly vulnerable
curl 3.22-main 7.66.0-r0 None possibly vulnerable
curl 3.22-main 7.65.0-r0 None possibly vulnerable
curl 3.22-main 7.64.0-r0 None possibly vulnerable
curl 3.22-main 7.62.0-r0 None possibly vulnerable
curl 3.22-main 7.61.1-r0 None possibly vulnerable
curl 3.22-main 7.61.0-r0 None possibly vulnerable
curl 3.22-main 7.60.0-r0 None possibly vulnerable
curl 3.22-main 7.59.0-r0 None possibly vulnerable
curl 3.22-main 7.57.0-r0 None possibly vulnerable
curl 3.22-main 7.56.1-r0 None possibly vulnerable
curl 3.22-main 7.55.0-r0 None possibly vulnerable
curl 3.22-main 7.54.0-r0 None possibly vulnerable
curl 3.22-main 7.53.1-r2 None possibly vulnerable
curl 3.22-main 7.53.0-r0 None possibly vulnerable
curl 3.22-main 7.52.1-r0 None possibly vulnerable
curl 3.22-main 7.51.0-r0 None possibly vulnerable
curl 3.22-main 7.50.3-r0 None possibly vulnerable
curl 3.22-main 7.50.2-r0 None possibly vulnerable
curl 3.22-main 7.50.1-r0 None possibly vulnerable
curl 3.22-main 7.36.0-r0 None possibly vulnerable
curl 3.21-main 8.9.0-r0 None fixed
curl 3.21-main 8.7.1-r0 None possibly vulnerable
curl 3.21-main 8.6.0-r0 None possibly vulnerable
curl 3.21-main 8.5.0-r0 None possibly vulnerable
curl 3.21-main 8.4.0-r0 None possibly vulnerable
curl 3.21-main 8.3.0-r0 None possibly vulnerable
curl 3.21-main 8.1.0-r0 None possibly vulnerable
curl 3.21-main 8.0.0-r0 None possibly vulnerable
curl 3.21-main 7.88.0-r0 None possibly vulnerable
curl 3.21-main 7.87.0-r0 None possibly vulnerable
curl 3.21-main 7.86.0-r0 None possibly vulnerable
curl 3.21-main 7.85.0-r0 None possibly vulnerable
curl 3.21-main 7.84.0-r0 None possibly vulnerable
curl 3.21-main 7.83.1-r0 None possibly vulnerable
curl 3.21-main 7.83.0-r0 None possibly vulnerable
curl 3.21-main 7.79.0-r0 None possibly vulnerable
curl 3.21-main 7.78.0-r0 None possibly vulnerable
curl 3.21-main 7.77.0-r0 None possibly vulnerable
curl 3.21-main 7.76.0-r0 None possibly vulnerable
curl 3.21-main 7.74.0-r0 None possibly vulnerable
curl 3.21-main 7.72.0-r0 None possibly vulnerable
curl 3.21-main 7.71.0-r0 None possibly vulnerable
curl 3.21-main 7.66.0-r0 None possibly vulnerable
curl 3.21-main 7.65.0-r0 None possibly vulnerable
curl 3.21-main 7.64.0-r0 None possibly vulnerable
curl 3.21-main 7.62.0-r0 None possibly vulnerable
curl 3.21-main 7.61.1-r0 None possibly vulnerable
curl 3.21-main 7.61.0-r0 None possibly vulnerable
curl 3.21-main 7.60.0-r0 None possibly vulnerable
curl 3.21-main 7.59.0-r0 None possibly vulnerable
curl 3.21-main 7.57.0-r0 None possibly vulnerable
curl 3.21-main 7.56.1-r0 None possibly vulnerable
curl 3.21-main 7.55.0-r0 None possibly vulnerable
curl 3.21-main 7.54.0-r0 None possibly vulnerable
curl 3.21-main 7.53.1-r2 None possibly vulnerable
curl 3.21-main 7.53.0-r0 None possibly vulnerable
curl 3.21-main 7.52.1-r0 None possibly vulnerable
curl 3.21-main 7.51.0-r0 None possibly vulnerable
curl 3.21-main 7.50.3-r0 None possibly vulnerable
curl 3.21-main 7.50.2-r0 None possibly vulnerable
curl 3.21-main 7.50.1-r0 None possibly vulnerable
curl 3.21-main 7.36.0-r0 None possibly vulnerable
curl 3.20-main 8.9.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.20-main 8.7.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl 3.20-main 8.6.0-r0 None possibly vulnerable
curl 3.20-main 8.5.0-r0 None possibly vulnerable
curl 3.20-main 8.4.0-r0 None possibly vulnerable
curl 3.20-main 8.3.0-r0 None possibly vulnerable
curl 3.20-main 8.1.0-r0 None possibly vulnerable
curl 3.20-main 8.0.0-r0 None possibly vulnerable
curl 3.20-main 7.88.0-r0 None possibly vulnerable
curl 3.20-main 7.87.0-r0 None possibly vulnerable
curl 3.20-main 7.86.0-r0 None possibly vulnerable
curl 3.20-main 7.85.0-r0 None possibly vulnerable
curl 3.20-main 7.84.0-r0 None possibly vulnerable
curl 3.20-main 7.83.1-r0 None possibly vulnerable
curl 3.20-main 7.83.0-r0 None possibly vulnerable
curl 3.20-main 7.79.0-r0 None possibly vulnerable
curl 3.20-main 7.78.0-r0 None possibly vulnerable
curl 3.20-main 7.77.0-r0 None possibly vulnerable
curl 3.20-main 7.76.0-r0 None possibly vulnerable
curl 3.20-main 7.74.0-r0 None possibly vulnerable
curl 3.20-main 7.72.0-r0 None possibly vulnerable
curl 3.20-main 7.71.0-r0 None possibly vulnerable
curl 3.20-main 7.66.0-r0 None possibly vulnerable
curl 3.20-main 7.65.0-r0 None possibly vulnerable
curl 3.20-main 7.64.0-r0 None possibly vulnerable
curl 3.20-main 7.62.0-r0 None possibly vulnerable
curl 3.20-main 7.61.1-r0 None possibly vulnerable
curl 3.20-main 7.61.0-r0 None possibly vulnerable
curl 3.20-main 7.60.0-r0 None possibly vulnerable
curl 3.20-main 7.59.0-r0 None possibly vulnerable
curl 3.20-main 7.57.0-r0 None possibly vulnerable
curl 3.20-main 7.56.1-r0 None possibly vulnerable
curl 3.20-main 7.55.0-r0 None possibly vulnerable
curl 3.20-main 7.54.0-r0 None possibly vulnerable
curl 3.20-main 7.53.1-r2 None possibly vulnerable
curl 3.20-main 7.53.0-r0 None possibly vulnerable
curl 3.20-main 7.52.1-r0 None possibly vulnerable
curl 3.20-main 7.51.0-r0 None possibly vulnerable
curl 3.20-main 7.50.3-r0 None possibly vulnerable
curl 3.20-main 7.50.2-r0 None possibly vulnerable
curl 3.20-main 7.50.1-r0 None possibly vulnerable
curl 3.20-main 7.36.0-r0 None possibly vulnerable
curl 3.19-main 8.9.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.19-main 8.7.1-r0 None possibly vulnerable
curl 3.19-main 8.6.0-r0 None possibly vulnerable
curl 3.19-main 8.5.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl 3.19-main 8.4.0-r0 None possibly vulnerable
curl 3.19-main 8.3.0-r0 None possibly vulnerable
curl 3.19-main 8.1.0-r0 None possibly vulnerable
curl 3.19-main 8.0.0-r0 None possibly vulnerable
curl 3.19-main 7.88.0-r0 None possibly vulnerable
curl 3.19-main 7.87.0-r0 None possibly vulnerable
curl 3.19-main 7.86.0-r0 None possibly vulnerable
curl 3.19-main 7.85.0-r0 None possibly vulnerable
curl 3.19-main 7.84.0-r0 None possibly vulnerable
curl 3.19-main 7.83.1-r0 None possibly vulnerable
curl 3.19-main 7.83.0-r0 None possibly vulnerable
curl 3.19-main 7.79.0-r0 None possibly vulnerable
curl 3.19-main 7.78.0-r0 None possibly vulnerable
curl 3.19-main 7.77.0-r0 None possibly vulnerable
curl 3.19-main 7.76.0-r0 None possibly vulnerable
curl 3.19-main 7.74.0-r0 None possibly vulnerable
curl 3.19-main 7.72.0-r0 None possibly vulnerable
curl 3.19-main 7.71.0-r0 None possibly vulnerable
curl 3.19-main 7.66.0-r0 None possibly vulnerable
curl 3.19-main 7.65.0-r0 None possibly vulnerable
curl 3.19-main 7.64.0-r0 None possibly vulnerable
curl 3.19-main 7.62.0-r0 None possibly vulnerable
curl 3.19-main 7.61.1-r0 None possibly vulnerable
curl 3.19-main 7.61.0-r0 None possibly vulnerable
curl 3.19-main 7.60.0-r0 None possibly vulnerable
curl 3.19-main 7.59.0-r0 None possibly vulnerable
curl 3.19-main 7.57.0-r0 None possibly vulnerable
curl 3.19-main 7.56.1-r0 None possibly vulnerable
curl 3.19-main 7.55.0-r0 None possibly vulnerable
curl 3.19-main 7.54.0-r0 None possibly vulnerable
curl 3.19-main 7.53.1-r2 None possibly vulnerable
curl 3.19-main 7.53.0-r0 None possibly vulnerable
curl 3.19-main 7.52.1-r0 None possibly vulnerable
curl 3.19-main 7.51.0-r0 None possibly vulnerable
curl 3.19-main 7.50.3-r0 None possibly vulnerable
curl 3.19-main 7.50.2-r0 None possibly vulnerable
curl 3.19-main 7.50.1-r0 None possibly vulnerable
curl 3.19-main 7.36.0-r0 None possibly vulnerable
curl 3.18-main 8.9.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.18-main 8.5.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl 3.17-main 8.9.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.17-main 8.5.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable