Summary
Security updates have been released to address a vulnerability in cURL, a popular command-line tool and data transfer library. The vulnerability affects libcurl’s ASN.1 parser, in the GTime2str() function: by supplying a specially crafted field, a malicious user could compromise the availability of the service and/or access information in the application’s heap memory.
Risk
Estimate of the vulnerability’s impact on the reference community: MEDIUM/YELLOW (63.58/100)¹.
Type
- Denial of Service
- Information Disclosure
Affected products and versions
cURL, versions from 7.32.0 to 8.9.0
Mitigation actions
In line with vendor statements, it is recommended to update vulnerable products by following the instructions in the security bulletin reported in the References section.
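To decide which hosts need the update, the affected range stated above can be checked against the libcurl version reported by `curl --version`. The script below is an added example, not part of the original advisory or the curl project; the helper names `ver_to_int`, `banner_version` and `is_affected` are hypothetical, and the banner lines are constructed samples.

```sh
#!/bin/sh
# Added example: triage libcurl versions against this advisory's range.
# The bounds come from the advisory (7.32.0 through 8.9.0, inclusive).
# Caveat: distribution packages may backport the fix without changing the
# upstream version, so treat a match as "verify", not as proof.
AFFECTED_MIN=7.32.0
AFFECTED_MAX=8.9.0

# MAJOR.MINOR.PATCH -> comparable integer; returns 1 on malformed input.
ver_to_int() {
    case "$1" in
        ''|*[!0-9.]*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 3 ] && [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || return 1
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Extract the libcurl version (the vulnerable component) from the first
# line of `curl --version` output; prints nothing if it is absent.
banner_version() {
    printf '%s\n' "$1" | sed -n '1s|.*libcurl/\([0-9][0-9.]*\).*|\1|p'
}

# Exit 0: inside the affected range. 1: outside. 2: version unparsable.
is_affected() {
    n=$(ver_to_int "$1") || return 2
    lo=$(ver_to_int "$AFFECTED_MIN")
    hi=$(ver_to_int "$AFFECTED_MAX")
    [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]
}

# Constructed sample banners; on a real host use: "$(curl --version)".
while IFS= read -r banner; do
    ver=$(banner_version "$banner")
    rc=0; is_affected "$ver" || rc=$?
    case $rc in
        0) status="in affected range, update" ;;
        1) status="outside affected range" ;;
        *) status="version not recognised, check manually" ;;
    esac
    printf '%-10s %s\n' "${ver:-?}" "$status"
done <<'EOF'
curl 8.5.0 (x86_64-pc-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3
curl 8.9.1 (x86_64-pc-linux-gnu) libcurl/8.9.1 OpenSSL/3.3.1
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44
EOF
```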
Unique Vulnerability Identifiers
References
https://curl.se/docs/CVE-2024-7264.html
¹ This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.