Address another component governance issue: CVE-2024-7264
cURL / libcURL contains an out-of-bounds read flaw in the GTime2str() function in lib/vtls/x509asn1.c that is triggered when parsing a syntactically incorrect ASN.1 Generalized Time field. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
This is fixed in the latest version of curl (8.9.1)
Address another component governance issue: CVE-2024-7264
cURL / libcURL contains an out-of-bounds read flaw in the GTime2str() function in lib/vtls/x509asn1.c that is triggered when parsing a syntactically incorrect ASN.1 Generalized Time field. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
This is fixed in the latest version of curl (8.9.1)