libcurl's ASN1 parser code has the GTime2str() function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length of the time fraction, leading to
a strlen() getting performed on a pointer to a heap buffer area that is not
(purposely) null terminated.
This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.
Exploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:LI:LA:L6.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L