CVE-2024-6197

HIGH EPSS 89.9%
Published Jul 24, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.5 CVSS 3.1
High

Description

libcurl's ASN1 parser has a `utf8asn1str()` function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes `free()` on a 4-byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some, however, accept the input pointer and add that memory to their list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; it is likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
89.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Affected Products 1

| Vendor | Product | Version | Range |
|--------|---------|---------|-------|
| haxx | libcurl | * | ≥8.6.0 – <8.9.0 |

References 6

  • openwall.com http://www.openwall.com/lists/oss-security/2024/07/24/1
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2024/07/24/5
    Mailing List, Third Party Advisory
  • curl.se https://curl.se/docs/CVE-2024-6197.html
    Vendor Advisory
  • curl.se https://curl.se/docs/CVE-2024-6197.json
    Vendor Advisory
  • hackerone.com https://hackerone.com/reports/2559516
    Exploit, Issue Tracking, Technical Description
  • security.netapp.com https://security.netapp.com/advisory/ntap-20241129-0008/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.