How severe is CVE-2024-7264?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-7264?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2024-7264 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

Related Vulnerabilities

CVE-2016-4652

MEDIUM

CVSS:6.3(Medium)

CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via...

CWE-1252016

CVE-2017-18446

MEDIUM

CVSS:6.3(Medium)

cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).

CWE-1252017

CVE-2021-39218

MEDIUM

CVSS:6.3(Medium)

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and ou...

CWE-1252021

CVE-2023-1544

MEDIUM

CVSS:6.3(Medium)

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of...

CWE-1252023

CVE-2023-20851

MEDIUM

CVSS:6.3(Medium)

In stc, there is a possible out of bounds read due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploit...

CWE-1252023

CVE-2023-25514

MEDIUM

CVSS:6.3(Medium)

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. ...

CWE-1252023