
CVE-2023-28320

Published: 26/05/2023 Updated: 20/10/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

A denial of service vulnerability exists in curl <v8.1.0. libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it lets name resolves time out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected, so a multi-threaded application might crash or otherwise misbehave.
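A build check for the two preconditions in the summary, as an added example that is not code from this page or from the curl project. It classifies `curl --version` output. It assumes that an `AsynchDNS` entry on the `Features:` line means the build does not use the synchronous resolver, and the sample reports are constructed.

```shell
#!/bin/sh
# Added example: classify `curl --version` output against the CVE-2023-28320
# preconditions (libcurl < 8.1.0 built with the synchronous resolver).

# Constructed sample reports, not captured from real hosts.
SAMPLE_SYNC='curl 8.0.1 (x86_64-pc-linux-gnu) libcurl/8.0.1 OpenSSL/3.0.8 zlib/1.2.13
Features: alt-svc HSTS HTTPS-proxy IPv6 Largefile libz SSL'
SAMPLE_ASYNC='curl 8.0.1 (x86_64-pc-linux-gnu) libcurl/8.0.1 OpenSSL/3.0.8 zlib/1.2.13
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz SSL'
SAMPLE_FIXED='curl 8.1.0 (x86_64-pc-linux-gnu) libcurl/8.1.0 OpenSSL/3.0.8 zlib/1.2.13
Features: alt-svc HSTS HTTPS-proxy IPv6 Largefile libz SSL'

# classify_curl REPORT -> prints one of:
#   unknown         no libcurl/x.y.z token on the first line
#   fixed-version   libcurl is 8.1.0 or later
#   async-resolver  older libcurl, but AsynchDNS is listed (assumption: that
#                   feature means the synchronous resolver is not in use)
#   sync-resolver   older libcurl without AsynchDNS: matches the summary
classify_curl() {
    report=$1
    ver=$(printf '%s\n' "$report" |
        sed -n '1s|.*libcurl/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 1 ]; }; then
        echo fixed-version; return 0
    fi
    if printf '%s\n' "$report" |
        grep -Eq '^Features:.*[[:space:]]AsynchDNS([[:space:]]|$)'; then
        echo async-resolver; return 0
    fi
    echo sync-resolver
}

for name in SAMPLE_SYNC SAMPLE_ASYNC SAMPLE_FIXED; do
    eval "report=\$$name"
    printf '%s: %s\n' "$name" "$(classify_curl "$report")"
done
# Classify the locally installed curl, if there is one.
if command -v curl >/dev/null 2>&1; then
    printf 'local curl: %s\n' "$(classify_curl "$(curl --version)")"
fi
```

The result describes only the libcurl that the `curl` binary links against; an application that bundles its own libcurl needs the same check on that copy.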

Vulnerability Trend

Vulnerable Product

haxx curl

apple macos

netapp clustered data ontap -

netapp ontap antivirus connector -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

Vendor Advisories

Debian Bug report logs - #1036239 curl: CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 17 May 2023 20:57:02 UTC Severity: grave Tags: security, upstream F ...
Description: This CVE is under investigation by Red Hat Product Security ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID ...

Github Repositories

Assessing security of v8.0.1 of the CLI tool curl

Security Evaluation of curl. Written in collaboration with Michael Choi, Theodore Lau, Adam Murtagh, Sami Hamide, Alexander West for UCLA CS 136, Computer Security. Summary: In this report, we assess and rate the security of version 8.0.1 of the well-known command-line URL data transfer tool curl. We approached this analysis from three angles — researching previous vulnerab