exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 16

BDU:2024-05923

больше 1 года назад

Уязвимость функции GTime2str парсера ASN1 Parser библиотеки libcurl, позволяющая нарушителю вызвать октаз в обслуживании

CVSS3: 4.8

EPSS: Низкий

ROS-20240816-22

около 1 года назад

Уязвимость libcurl

CVSS3: 4.8

EPSS: Низкий

ROS-20240816-13

около 1 года назад

Уязвимость zlib

CVSS3: 4.8

EPSS: Низкий

ROS-20240816-02

около 1 года назад

Уязвимость curl

CVSS3: 4.8

EPSS: Низкий

CVE-2024-7264

больше 1 года назад

libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-7264

больше 1 года назад

CVSS3: 5.3

EPSS: Низкий

CVE-2024-7264

больше 1 года назад

CVSS3: 6.5

EPSS: Низкий

CVE-2024-7264

около 1 года назад

CVSS3: 6.5

EPSS: Низкий

CVE-2024-7264

больше 1 года назад

libcurl's ASN1 parser code has the `GTime2str()` function, used for pa ...

CVSS3: 6.5

EPSS: Низкий

SUSE-SU-2024:3080-2

около 1 года назад

Security update for curl

EPSS: Низкий

SUSE-SU-2024:3080-1

около 1 года назад

Security update for curl

EPSS: Низкий

SUSE-SU-2024:2938-1

около 1 года назад

Security update for curl

EPSS: Низкий

GHSA-97c4-2w4v-c7r8

больше 1 года назад

CVSS3: 6.5

EPSS: Низкий

SUSE-SU-2024:2784-1

около 1 года назад

Security update for curl

EPSS: Низкий

ELSA-2025-1673

9 месяцев назад

ELSA-2025-1673: mysql:8.0 security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-1671

9 месяцев назад

ELSA-2025-1671: mysql security update (IMPORTANT)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2024-05923 Уязвимость функции GTime2str парсера ASN1 Parser библиотеки libcurl, позволяющая нарушителю вызвать октаз в обслуживании	CVSS3: 4.8	5% Низкий	больше 1 года назад
ROS-20240816-22 Уязвимость libcurl	CVSS3: 4.8	5% Низкий	около 1 года назад
ROS-20240816-13 Уязвимость zlib	CVSS3: 4.8	5% Низкий	около 1 года назад
ROS-20240816-02 Уязвимость curl	CVSS3: 4.8	5% Низкий	около 1 года назад
CVE-2024-7264 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.	CVSS3: 6.5	5% Низкий	больше 1 года назад
CVE-2024-7264 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.	CVSS3: 5.3	5% Низкий	больше 1 года назад
CVE-2024-7264 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.	CVSS3: 6.5	5% Низкий	больше 1 года назад
CVE-2024-7264	CVSS3: 6.5	5% Низкий	около 1 года назад
CVE-2024-7264 libcurl's ASN1 parser code has the `GTime2str()` function, used for pa ...	CVSS3: 6.5	5% Низкий	больше 1 года назад
SUSE-SU-2024:3080-2 Security update for curl		5% Низкий	около 1 года назад
SUSE-SU-2024:3080-1 Security update for curl		5% Низкий	около 1 года назад
SUSE-SU-2024:2938-1 Security update for curl		5% Низкий	около 1 года назад
GHSA-97c4-2w4v-c7r8 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.	CVSS3: 6.5	5% Низкий	больше 1 года назад
SUSE-SU-2024:2784-1 Security update for curl			около 1 года назад
ELSA-2025-1673 ELSA-2025-1673: mysql:8.0 security update (IMPORTANT)			9 месяцев назад
ELSA-2025-1671 ELSA-2025-1671: mysql security update (IMPORTANT)			9 месяцев назад

Уязвимостей на страницу