CVE-2024-7264: 
MySQL vulnerability analysis and mitigation

CVE-2024-7264 is a vulnerability in libcurl's ASN1 parser code, specifically in the GTime2str() function used for parsing ASN.1 Generalized Time fields. The vulnerability was discovered on July 30, 2024, and affects curl versions 7.32.0 through 8.9.0. The issue is particularly relevant when curl is built with GnuTLS, Schannel, Secure Transport, or mbedTLS backends (Vendor Advisory).

The vulnerability occurs when the GTime2str() function processes a syntactically incorrect field, causing the parser to use -1 for the length of the time fraction. This leads to a strlen() operation being performed on a pointer to a heap buffer area that is not purposely null-terminated. The issue affects different TLS backends starting from various versions: GnuTLS since 7.42.0, Schannel since 7.50.0, Secure Transport since 7.79.0, and mbedTLS since 8.9.0. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

The vulnerability most likely leads to a crash when exploited, but can also result in heap contents being exposed to the application when CURLINFO_CERTINFO is used. The ASN.1 parsing occurs after a successful TLS handshake, meaning the TLS library must first parse the certificate. While the TLS library may reject bad date strings, there might be circumstances where malformed data still reaches libcurl's parser (Vendor Advisory).

The vulnerability has been fixed in curl version 8.9.1. Users are recommended to take one of the following actions: upgrade curl and libcurl to version 8.9.1, apply the patch to their current version and rebuild, or build libcurl with an unaffected TLS backend. The fix was implemented through a commit that addresses the parsing issue (Vendor Advisory).