#VU94715 Double free in cURL - CVE-2024-6197


Vulnerability identifier: #VU94715

Vulnerability risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-6197

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ASN1 parser within the utf8asn1str() function. A remote attacker can pass specially crafted TLS certificate to the application, trigger double free error and execute arbitrary code on the target system.

The vulnerable code can only be reached when curl is built to use GnuTLS, wolfSSL, Schannel or Secure Transport.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cURL: 8.6.0 - 8.8.0

External links
http://curl.se/docs/CVE-2024-6197.json
http://curl.se/docs/CVE-2024-6197.html
http://hackerone.com/reports/2559516
http://www.openwall.com/lists/oss-security/2024/07/24/1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM PowerSC
Autodesk InfraWorks update for third-party components
Multiple vulnerabilities in Nessus Network Monitor
Multiple vulnerabilities in IBM QRadar WinCollect Agent
Multiple vulnerabilities in Tenable Security Center
SUSE update for curl
Fedora 40 update for curl
Multiple vulnerabilities in cURL