CVE-2024-6197
CVE Details
Visit the official vulnerability details page for CVE-2024-6197 to learn more.
Initial Publication
10/26/2024
Last Update
12/16/2024
Third Party Dependency
curl
NIST CVE Summary
libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
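The error-path mistake described in the summary, shown as an added illustration in its corrected form; this is not curl's source code, and `utf8_encode`, `ucs4_to_utf8` and the `ENC_*` codes are hypothetical names. The converter keeps a 4-byte decode buffer on the stack and, when it meets an invalid code point, releases only the pointer that `malloc()` returned.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { ENC_OK = 0, ENC_INVALID = -1, ENC_NOMEM = -2 };

/* Encode one code point into out[4]; returns bytes written, 0 if invalid. */
static size_t utf8_encode(uint32_t wc, unsigned char out[4])
{
  size_t n = wc < 0x80 ? 1 : wc < 0x800 ? 2 : wc < 0x10000 ? 3 : 4;
  if(wc > 0x10FFFF || (wc >= 0xD800 && wc <= 0xDFFF))
    return 0; /* outside Unicode, or a surrogate */
  if(n == 1) {
    out[0] = (unsigned char)wc;
    return 1;
  }
  for(size_t i = n - 1; i > 0; i--) { /* continuation bytes, low bits first */
    out[i] = (unsigned char)(0x80 | (wc & 0x3F));
    wc >>= 6;
  }
  out[0] = (unsigned char)(((0xF00 >> n) & 0xFF) | wc); /* lead: 0xC0/0xE0/0xF0 */
  return n;
}

/* Convert n UCS-4 code points to a heap-allocated, NUL-terminated UTF-8 string. */
int ucs4_to_utf8(const uint32_t *in, size_t n, char **out)
{
  size_t len = 0;
  char *dst;
  *out = NULL;
  if(n > (SIZE_MAX - 1) / 4 || !(dst = malloc(n * 4 + 1)))
    return ENC_NOMEM;
  for(size_t i = 0; i < n; i++) {
    unsigned char buf[4]; /* automatic (stack) storage, as in the summary */
    size_t k = utf8_encode(in[i], buf);
    if(!k) {
      /* The bug pattern in the summary is a free(buf) on this path: buf is not
         heap memory. Release only the pointer that malloc() returned. */
      free(dst);
      return ENC_INVALID;
    }
    memcpy(dst + len, buf, k);
    len += k;
  }
  dst[len] = '\0';
  *out = dst;
  return ENC_OK;
}
```

Compilers can flag the faulty form at build time: GCC's `-Wfree-nonheap-object` warning reports a `free()` call on an automatic array.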
CVE Severity
Our Official Summary
This CVE is reported on the nginx-ingress-controller image, in libcurl's ASN1 parser. The vulnerable code path can be triggered by a malicious operation offering a specially crafted TLS certificate. The problem is fixed in curl versions >= 8.9.0.
Attackers would also need privileged access to the cluster running the container, as these containers are not exposed beyond the cluster boundary. The risk of exploitation is low, as is the impact, since the container restricts the attack surface.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.5.15 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
4.5.10 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
4.5.8 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
4.5.5 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
4.5.4 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
Revision History
Date | Revision |
---|---|
12/16/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15 |
12/11/2024 | Official summary revised: This CVE is reported on nginx-ingress-controller image on the libcurl's ASN1 parser. The vulnerable code path can be triggered by a malicious operation offering an especially crafted TLS certificate. Problem is fixed in curl version >=8.9.0. Attackers would also need privileged access to cluster running the container as these containers are not exposed beyond the cluster boundary. Risk of exploitation is low as well as the impact since the container restricts the attack surface. |
11/15/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 |
11/13/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20 |
11/12/2024 | Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8 |
10/27/2024 | Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5 |