{"id":"CURL-CVE-2024-6874","summary":"macidn punycode buffer overread","details":"libcurl's URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. Asking to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null-terminate the string.\n\nThis flaw can lead to stack contents accidentally getting returned as part of\nthe converted string.","aliases":["CVE-2024-6874"],"modified":"2026-05-19T09:30:07.621563392Z","published":"2024-07-24T08:00:00Z","database_specific":{"CWE":{"desc":"Buffer Over-read","id":"CWE-126"},"issue":"https://hackerone.com/reports/2604391","package":"curl","affects":"lib","www":"https://curl.se/docs/CVE-2024-6874.html","URL":"https://curl.se/docs/CVE-2024-6874.json","severity":"Low","award":{"amount":"540","currency":"USD"},"last_affected":"8.8.0"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"8.8.0"},{"fixed":"8.9.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"add22feeef07858307be5722e1869e082554290e"},{"fixed":"686d54baf1df6e0775898f484d1670742898b3b2"}]}],"versions":["8.8.0","curl-8_8_0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2024-6874.json"}}],"schema_version":"1.7.5","credits":[{"name":"z2_","type":"FINDER"},{"name":"z2_","type":"REMEDIATION_DEVELOPER"}]}