libcurl's ASN1 parser code has the `GTime2str()` function... · CVE-2024-7264 · GitHub Advisory Database · GitHub
CVE-2024-7264
Moderate severity · Unreviewed · Published Jul 31, 2024 to the GitHub Advisory Database · Updated Aug 12, 2024
Published by the National Vulnerability Database: Jul 31, 2024
Published to the GitHub Advisory Database: Jul 31, 2024
Last updated: Aug 12, 2024
Severity: Moderate

CVSS v3 base metrics
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS score (85th percentile)
Weaknesses
CWE-125: Out-of-bounds Read. The product reads data past the end, or before the beginning, of the intended buffer.

CVE ID: CVE-2024-7264
GHSA ID: GHSA-97c4-2w4v-c7r8
Source code: No known source code
Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
Description

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when `CURLINFO_CERTINFO` is used.
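An added example, not code from curl or from this advisory: a length-bounded way to locate the fraction of a GeneralizedTime, so that a malformed field is rejected instead of producing a negative length, and `strlen()` is never run on the unterminated buffer. The name `gtime_fraction`, its signature and the accepted zone forms (`Z` or `±HHMM`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not curl's code. Finds the fractional-seconds digits
   of an ASN.1 GeneralizedTime held in [beg, end). The buffer is not
   NUL-terminated, so every read is bounded by `end`. Returns 0 and sets
   *frac and *fraclen (NULL and 0 when no fraction is present), or -1 if the
   field is malformed. */
static int is_digit(char c) { return c >= '0' && c <= '9'; }

int gtime_fraction(const char *beg, const char *end,
                   const char **frac, size_t *fraclen)
{
  const char *p = beg;

  *frac = NULL;
  *fraclen = 0;
  /* Date and time: YYYYMMDDHH, optionally MM and SS (10, 12 or 14 digits). */
  while(p < end && is_digit(*p))
    p++;
  if(p - beg != 10 && p - beg != 12 && p - beg != 14)
    return -1;
  /* Optional fraction: '.' or ',' followed by at least one digit. */
  if(p < end && (*p == '.' || *p == ',')) {
    const char *f = ++p;
    while(p < end && is_digit(*p))
      p++;
    if(p == f)
      return -1; /* separator without digits: reject, no negative length */
    *frac = f;
    *fraclen = (size_t)(p - f);
  }
  /* Optional zone: 'Z' or (+|-)HHMM (assumed forms), then end of field. */
  if(p < end && *p == 'Z')
    p++;
  else if(p < end && (*p == '+' || *p == '-')) {
    if(end - p != 5 || !is_digit(p[1]) || !is_digit(p[2]) ||
       !is_digit(p[3]) || !is_digit(p[4]))
      return -1;
    p += 5;
  }
  return p == end ? 0 : -1;
}

int main(void)
{
  /* Constructed sample: an 18-byte field followed by unrelated bytes. */
  const char *s = "20240731120000.25Zjunk";
  const char *f;
  size_t n;
  int rc = gtime_fraction(s, s + 18, &f, &n);
  printf("rc=%d fraction=%.*s\n", rc, (int)n, n ? f : "");
  return 0;
}
```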