{
  "schema_version": "1.5.0",
  "id": "CURL-CVE-2024-6874",
  "aliases": [
    "CVE-2024-6874"
  ],
  "summary": "macidn punycode buffer overread",
  "modified": "2026-04-29T09:56:23.00Z",
  "database_specific": {
    "package": "curl",
    "affects": "lib",
    "URL": "https://curl.se/docs/CVE-2024-6874.json",
    "www": "https://curl.se/docs/CVE-2024-6874.html",
    "issue": "https://hackerone.com/reports/2604391",
    "CWE": {
      "id": "CWE-126",
      "desc": "Buffer Over-read"
    },
    "award": {
      "amount": "540",
      "currency": "USD"
    },
    "last_affected": "8.8.0",
    "severity": "Low"
  },
  "published": "2024-07-24T08:00:00.00Z",
  "affected": [
    {
      "ranges": [
        {
           "type": "SEMVER",
           "events": [
             {"introduced": "8.8.0"},
             {"fixed": "8.9.0"}
           ]
        },
        {
           "type": "GIT",
           "repo": "https://github.com/curl/curl.git",
           "events": [
             {"introduced": "add22feeef07858307be5722e1869e082554290e"},
             {"fixed": "686d54baf1df6e0775898f484d1670742898b3b2"}
           ]
        }
      ],
      "versions": [
        "8.8.0"
      ]
    }
  ],
  "credits": [
    {
      "name": "z2_",
      "type": "FINDER"
    },
    {
      "name": "z2_",
      "type": "REMEDIATION_DEVELOPER"
    }
  ],
  "details": "libcurl's URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. When asked to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack-based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null-terminate the string.\n\nThis flaw can lead to stack contents accidentally getting returned as part of\nthe converted string."
}