{"id":"CURL-CVE-2024-7264","summary":"ASN.1 date parser overread","details":"libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given a syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.","aliases":["CVE-2024-7264"],"modified":"2026-04-25T20:30:10.184746Z","published":"2024-07-31T08:00:00Z","database_specific":{"affects":"both","CWE":{"desc":"Out-of-bounds Read","id":"CWE-125"},"issue":"https://hackerone.com/reports/2629968","last_affected":"8.9.0","package":"curl","URL":"https://curl.se/docs/CVE-2024-7264.json","award":{"amount":"540","currency":"USD"},"www":"https://curl.se/docs/CVE-2024-7264.html","severity":"Low"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.32.0"},{"fixed":"8.9.1"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"3a24cb7bc456366cbc3a03f7ab6d2576105a1f2d"},{"fixed":"27959ecce75cdb2809c0bdb3286e60e08fadb519"}]}],"versions":["8.9.0","8.8.0","8.7.1","8.7.0","8.6.0","8.5.0","8.4.0","8.3.0","8.2.1","8.2.0","8.1.2","8.1.1","8.1.0","8.0.1","8.0.0","7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","
7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0"],"database_specific":{"vanir_signatures_modified":"2026-04-25T20:30:10Z","vanir_signatures":[{"target":{"file":"lib/vtls/x509asn1.c"},"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519","signature_type":"Line","digest":{"line_hashes":["225876056498704765845877006559546262300","176423151054548165360750876540677858194","289668165175774764560448522829877424639","242644217041992152321989115265215972879","268532454690515376590998156180152951206","310272947232416495089203242947839935684","301038965153660893262258651624092148049","32862098234719251992637084107481093688","220300149285119356296593497329560454543","303852349410960188254824451623453671590","9591007534432890142340230746602368870","275271375232490080563785528446164228624","17377905258464721812210095822744909001","42362003463451388804118331388589612087","32253411418572657241631111414545383706","98035622866023045045478393730663191063","296432699133742590980654626491505239460","230280919300164717500587727305278940390","25538375731885481183170371639755625079","267395533405182516326850447821945556602","213019383524148410116549292298220134339","239491207639922602422962646100192763644","262405149748443976684945419827080942246","108788281347994535860029351021890880673","313863988834971745022596417113198128543","17971457333675315949877802435449047435"],"threshold":0.9},"id":"CURL-CVE-2024-7264-4e081f7c","deprecated":false},{"target":{"file":"lib/vtls/x509asn1.h"},"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519","signature_type":"Line","digest":{"line_hashes":["95126134743640794896963096731829227697","144779354657065835501752563488437428604","317072365810900046882446524785076944464"],"threshold":0.9},"id":"
CURL-CVE-2024-7264-cfa804fd","deprecated":false},{"target":{"function":"GTime2str","file":"lib/vtls/x509asn1.c"},"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519","signature_type":"Function","digest":{"length":1104,"function_hash":"44391705612524364774368042722019714327"},"id":"CURL-CVE-2024-7264-d8001915","deprecated":false}],"source":"https://curl.se/docs/CURL-CVE-2024-7264.json"}}],"schema_version":"1.7.5","credits":[{"name":"Dov Murik (Transmit Security)","type":"FINDER"},{"name":"Stefan Eissing","type":"REMEDIATION_DEVELOPER"}]}