libcurl: freeing stack buffer during x509 certificate parsing
Medium
Vulnerability Details
Hello, I would like to report a vulnerability here, initially reported by me to the curl project.
HackerOne Report: https://hackerone.com/reports/2559516
CVE: CVE-2024-6197
Advisory: https://curl.se/docs/CVE-2024-6197.html
Severity: Medium
## Impact
By serving a specially crafted TLS certificate, a malicious server can trigger a `free()` of a buffer located on the stack.
This can lead to a crash or to further memory corruption.
Report Stats
- Report ID: 2621057
- State: Closed
- Substate: resolved
- Upvotes: 6