CVE-2024-6197
CVE Details
Last Update
11/7/2024
NIST CVE Summary
Libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid
field and return error. Unfortunately, when doing so it also invokes free() on a 4 byte localstack buffer. Most modern
malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that
memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the
overwrite is decided by the free() implementation; likely to be memory pointers and a set of flags. The most likely
outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in
special circumstances.
Our Official Summary
This CVE is reported on nginx-ingress-controller image on the libcurl's ASN1 parser. The vulnerable code path can be triggered by a malicious operation offering an especially crafted TLS certificate. Problem is fixed in curl version >=8.9.0. Investigating a possible fix.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX airgap 4.4.14
- Palette Enterprise airgap 4.5.3, 4.5.8
- Palette Enterprise 4.5.3, 4.5.8
Revision History
- 1.0 08/27/2024 Initial Publication
- 2.0 08/27/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
- 3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products
- 4.0 10/14/2024 Added Palette Enterprise 4.5.3 to Affected Products
- 5.0 11/7/2024 Added Palette Enterprise & Palette Enterprise airgap 4.5.8 to Affected Products