VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6wqn-x88m-a3hx

Essentials
Severities (38)
References (13)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6wqn-x88m-a3hx
Aliases	CVE-2024-6197
Summary	libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-590

Free of Memory not on the Heap

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6197.json
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01154	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01253	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01253	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01253	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.01278	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
epss	0.03371	https://api.first.org/data/v1/epss?cve=CVE-2024-6197
cvssv3.1	7.5	https://curl.se/docs/CVE-2024-6197.html
cvssv3.1	Medium	https://curl.se/docs/CVE-2024-6197.html
ssvc	Track	https://curl.se/docs/CVE-2024-6197.html
cvssv3.1	7.5	https://curl.se/docs/CVE-2024-6197.json
ssvc	Track	https://curl.se/docs/CVE-2024-6197.json
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://hackerone.com/reports/2559516
ssvc	Track	https://hackerone.com/reports/2559516
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-6197
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2024/07/24/1
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/07/24/1
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2024/07/24/5
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/07/24/5

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6197.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-6197
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20241129-0008/
1		http://www.openwall.com/lists/oss-security/2024/07/24/1
1076996		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996
2299653		https://bugzilla.redhat.com/show_bug.cgi?id=2299653
2559516		https://hackerone.com/reports/2559516
5		http://www.openwall.com/lists/oss-security/2024/07/24/5
cpe:2.3:a:haxx:libcurl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl::::::::
CVE-2024-6197		https://nvd.nist.gov/vuln/detail/CVE-2024-6197
CVE-2024-6197.html		https://curl.se/docs/CVE-2024-6197.html
CVE-2024-6197.json		https://curl.se/docs/CVE-2024-6197.json

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6197.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://curl.se/docs/CVE-2024-6197.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/ Found at https://curl.se/docs/CVE-2024-6197.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://curl.se/docs/CVE-2024-6197.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/ Found at https://curl.se/docs/CVE-2024-6197.json

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://hackerone.com/reports/2559516

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/ Found at https://hackerone.com/reports/2559516

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-6197

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/07/24/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/ Found at http://www.openwall.com/lists/oss-security/2024/07/24/1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/07/24/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/ Found at http://www.openwall.com/lists/oss-security/2024/07/24/5

Exploit Prediction Scoring System (EPSS)

Percentile	0.7776
EPSS Score	0.01154
Published At	Sept. 12, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:42:42.396748+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.17/main.json	37.0.0