CVE-2024-6874

{"id": "CVE-2024-6874", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2024-07-24T08:15:03.413", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/24/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "2499f714-1537-4658-8207-48ae4bb9eae9"}, {"url": "https://curl.se/docs/CVE-2024-6874.html", "tags": ["Vendor Advisory"], "source": "2499f714-1537-4658-8207-48ae4bb9eae9"}, {"url": "https://curl.se/docs/CVE-2024-6874.json", "tags": ["Vendor Advisory"], "source": "2499f714-1537-4658-8207-48ae4bb9eae9"}, {"url": "https://hackerone.com/reports/2604391", "tags": ["Exploit", "Issue Tracking", "Technical Description"], "source": "2499f714-1537-4658-8207-48ae4bb9eae9"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/24/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://curl.se/docs/CVE-2024-6874.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://curl.se/docs/CVE-2024-6874.json", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2604391", "tags": ["Exploit", "Issue Tracking", "Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240822-0004/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "libcurl's URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. Asking to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null terminate the string.\n\nThis flaw can lead to stack contents accidently getting returned as part of\nthe converted string."}, {"lang": "es", "value": "La funci\u00f3n API de URL de libcurl [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) ofrece conversiones punycode, hacia y desde IDN. Al solicitar convertir un nombre que tiene exactamente 256 bytes, libcurl termina leyendo fuera de un b\u00fafer en la regi\u00f3n stack de la memoria cuando se construye para usar el backend IDN *macidn*. Luego, la funci\u00f3n de conversi\u00f3n llena exactamente el b\u00fafer proporcionado, pero no termina en nulo la cadena. Esta falla puede provocar que el contenido de la pila se devuelva accidentalmente como parte de la cadena convertida."}], "lastModified": "2024-11-21T09:50:26.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:8.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "759E33B7-1F1E-4050-A400-A2176BF35469"}], "operator": "OR"}]}], "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9"}