Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing anASN.1 Generalized Time field. If given an syntactically incorrect field, theparser might end up using -1 for the length of the *time fraction*, leading toa `strlen()` getting performed on a pointer to a heap buffer area that is not(purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contentsgetting returned to the application whenCURLINFO_CERTINFO is used.
No PoCs from references.
- https://github.com/Nucl3arAt0m/Elevate-Labs-Task-3
- https://github.com/SruthinagaK/linux-manual-vulnerabitltiy-labscan-June2025
- https://github.com/fkie-cad/nvd-json-data-feeds