{
  "threat_severity" : "Low",
  "public_date" : "2024-07-31T00:00:00Z",
  "bugzilla" : {
    "description" : "curl: libcurl: ASN.1 date parser overread",
    "id" : "2301888",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2301888"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given a syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated." ],
  "statement" : "The vulnerability is classified as low severity because it primarily results in a heap buffer over-read rather than a direct memory corruption or code execution risk. Since the ASN.1 parsing occurs after a successful TLS handshake, the malformed certificate must first bypass the TLS library's validation, which significantly reduces the likelihood of exploitation.\nAdditionally, the impact is limited to a potential crash or unintended heap data exposure through CURLINFO_CERTINFO, but not arbitrary code execution. The requirement for a specific TLS backend configuration and the controlled nature of the memory read further minimize its exploitability.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-02-19T00:00:00Z",
    "advisory" : "RHSA-2025:1673",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "mysql:8.0-8100020250212154709.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-02-19T00:00:00Z",
    "advisory" : "RHSA-2025:1671",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "mysql-0:8.0.41-2.el9_5"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/grafana-rhel8:2.6.2-3"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/istio-cni-rhel8:2.6.2-5"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/istio-must-gather-rhel8:2.6.2-4"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/istio-rhel8-operator:2.6.2-5"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/kiali-ossmc-rhel8:1.89.2-3"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/kiali-rhel8:1.89.4-3"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/kiali-rhel8-operator:1.89.6-1"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/pilot-rhel8:2.6.2-5"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/ratelimit-rhel8:2.6.2-3"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 9",
    "release_date" : "2024-10-07T00:00:00Z",
    "advisory" : "RHSA-2024:7726",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el9",
    "package" : "openshift-service-mesh/proxyv2-rhel9:2.6.2-7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "mysql8.4",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "mysql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat JBoss Core Services",
    "fix_state" : "Fix deferred",
    "package_name" : "jbcs-httpd24-curl",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-mysql80-mysql",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-7264\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7264\nhttps://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL" ],
  "name" : "CVE-2024-7264",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\nRed Hat build of curl uses OpenSSL, which is not included in the affected list of GnuTLS, Schannel, Secure Transport and mbedTLS. Inspect which TLS backend is in use by running:\n$ curl --version\nCheck the reference for curl handled by the maintainers which may contain more relevant information around this vulnerability.",
    "lang" : "en:us"
  },
  "csaw" : false
}