Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ASN.1 date parser overread
Vulnerability Description
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
curl 安全漏洞
Vulnerability Description
curl是一款用于从服务器传输数据或向服务器传输数据的工具。 curl存在安全漏洞,该漏洞源于如果给定一个语法不正确的字段,可能将堆内容返回给应用程序或者导致崩溃。
CVSS Information
N/A
Vulnerability Type
N/A