CVE-2023-27537

Published: 30/03/2023 Updated: 27/03/2024
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

Vulnerable Product

haxx libcurl 7.88.1

haxx libcurl 7.88.0

netapp active iq unified manager -

broadcom brocade fabric operating system firmware -

netapp clustered data ontap 9.0

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options ...

Description: This CVE is under investigation by Red Hat Product Security ...

Github Repositories

Welcome to Learn365! This repository is about 365 days of Learning.

Learn365: Welcome to Learn365! This repository is about 365 days of Learning. This repository contains all the information shared during my Learn 365 Challenge. 365 Days of Learning is a challenge to stay engaged in learning and personal development for a full year by setting a goal to learn something new every day, it can be anything from infosec. Follow me on LinkedIn for Regul