curl: stack-buffer overread during punycode conversions

Disclosed: 2024-09-22 20:31:25 By z2_ To ibb
Low
Vulnerability Details
Hello, I would like to report a vulnerability here, initially reported by me to the curl project.

HackerOne report: https://hackerone.com/reports/2604391
CVE: CVE-2024-6874
Advisory: https://curl.se/docs/CVE-2024-6874.html
Severity: Low

## Impact

When converting the domain name of a URL from/to punycode with libcurl's URL API, libcurl reads past the bounds of a stack-buffer and includes adjacent stack-memory in the conversion result. This potentially leaks pointer values.
Report Stats
  • Report ID: 2621062
  • State: Closed
  • Substate: resolved
  • Upvotes: 28