Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-38546

Published: 18/10/2023 Updated: 26/01/2024
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Libcurl

Vulnerability Summary

This flaw allows an malicious user to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx libcurl

Vendor Advisories

Debian Security Advisories: DSA-5523-1 curl -- security update
Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool: CVE-2023-38545 Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake CVE-2023-38546 It was discovered that under some circumstances libcurl was susceptible to cookie injection For the oldstable distribution ...
Amazon Linux 2: ALASECS-2023-016
An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met The libcurl provided function, curl_easy_duphandle(), is used to duplicate the easy_handle associated with a transfer If a duplicated transfer's easy_handle has cookies enabled when it is duplicated, the cookie-enabled state is ...
Amazon Linux 2: ALAS2-2023-2287
An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its default behavior is to pass the hostname to the proxy and allow it to perform the resolution In cases where the hostname is greater than 255 characters in le ...
Red Hat:
Description<!---->A flaw was found in the Curl package This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are metA flaw was found in the Curl package This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are me ...
Cisco: cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
On October 11, 2023, cURL released Version 840 of the cURL utility and the libcurl library This release addressed two security vulnerabilities: CVE-2023-38545 - High Security Impact Rating (SIR) CVE-2023-38546 - Low SIR This advisory covers CVE-2023-38545 only For more information about this vulnerability, see the cURL advisory This adviso ...
Red Hat: Important: OpenShift Virtualization 4.13.6 security and bug fix update
概述 Important: OpenShift Virtualization 4136 security and bug fix update 类型/严重性 Security Advisory: Important 标题 Red Hat OpenShift Virtualization release 4136 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security i ...
Red Hat: Low: curl security and bug fix update
Synopsis Low: curl security and bug fix update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 88 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Important: OpenShift Container Platform 4.14.2 security and extras update
Synopsis Important: OpenShift Container Platform 4142 security and extras update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4142 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 414 ...
Red Hat: Important: OpenShift Container Platform 4.12.44 bug fix and security update
Synopsis Important: OpenShift Container Platform 41244 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41244 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Important: OpenShift Container Platform 4.12.44 security and extras update
Synopsis Important: OpenShift Container Platform 41244 security and extras update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41244 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...
Red Hat: Important: OpenShift Virtualization 4.14.1 security and bug fix update
Synopsis Important: OpenShift Virtualization 4141 security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4141 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security imp ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update
概述 Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update 类型/严重性 Security Advisory: Important 标题 Red Hat JBoss Core Services Apache HTTP Server 2457 Service Pack 2 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Red Hat: Important: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update
Synopsis Important: Red Hat Ceph Storage 61 security, enhancements, and bug fix update Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog Description Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines ...
Red Hat: Important: curl security update
Synopsis Important: curl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Important: OpenShift Container Platform 4.13.22 security and extras update
Synopsis Important: OpenShift Container Platform 41322 security and extras update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41322 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...
Red Hat: Important: curl security update
Synopsis Important: curl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 92 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Important: OpenShift Container Platform 4.11.54 bug fix and security update
Synopsis Important: OpenShift Container Platform 41154 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41154 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Important: OpenShift Container Platform 4.11.54 security and extras update
Synopsis Important: OpenShift Container Platform 41154 security and extras update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41154 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update
概述 Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update 类型/严重性 Security Advisory: Important Red Hat Insights 补丁分析 识别并修复受此公告影响的系统。 查看受影响的系统 标题 An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has ...
Red Hat: Moderate: curl security update
Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rated this u ...
Red Hat: Important: Migration Toolkit for Applications security and bug fix update
Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 621 releaseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Red Hat: Important: Red Hat OpenShift GitOps v1.9.3 security update
Synopsis Important: Red Hat OpenShift GitOps v193 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 19Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
Red Hat: Important: OpenShift Container Platform 4.12.43 bug fix and security update
Synopsis Important: OpenShift Container Platform 41243 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41243 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Important: Red Hat OpenShift Enterprise security update
Synopsis Important: Red Hat OpenShift Enterprise security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Container Platform 412Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Red Hat: Important: Network Observability security update
Synopsis Important: Network Observability security update Type/Severity Security Advisory: Important Topic An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-opera ...
Red Hat: Important: Red Hat OpenStack Platform 17.1.1 (director-operator) security update
Synopsis Important: Red Hat OpenStack Platform 1711 (director-operator) security update Type/Severity Security Advisory: Important Topic An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17 ...
Red Hat: Important: OpenShift Virtualization 4.12.9 Images security and bug fix update
Synopsis Important: OpenShift Virtualization 4129 Images security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4129 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a secur ...
Red Hat: Low: Logging Subsystem 5.8.1- Red Hat OpenShift security update
Synopsis Low: Logging Subsystem 581- Red Hat OpenShift security update Type/Severity Security Advisory: Low Topic An update is now available for RHOL-58-RHEL-9Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Red Hat: Important: OpenShift Virtualization 4.13.5 Images security update
Synopsis Important: OpenShift Virtualization 4135 Images security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4135 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact o ...
Red Hat: Important: OpenShift Container Platform 4.13.22 bug fix and security update
Synopsis Important: OpenShift Container Platform 41322 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41322 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Important: cert-manager Operator for Red Hat OpenShift 1.11.5
Synopsis Important: cert-manager Operator for Red Hat OpenShift 1115 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1115Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Red Hat: Important: OpenShift Container Platform 4.14.2 bug fix and security update
Synopsis Important: OpenShift Container Platform 4142 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4142 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...
Red Hat: Important: cert-manager Operator for Red Hat OpenShift 1.12.1
Synopsis Important: cert-manager Operator for Red Hat OpenShift 1121 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1121Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Red Hat: Important: curl security update
Synopsis Important: curl security update Type / Sévérité Security Advisory: Important Analyse des correctifs dans Red Hat Insights Identifiez et remédiez aux systèmes concernés par cette alerte Voir les systèmes concernés Sujet An update for curl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has r ...
Red Hat: Important: Kernel Module Management security update
Synopsis Important: Kernel Module Management security update Type/Severity Security Advisory: Important Topic This is an update for the Red Hat OpenShift Kernel Module Management 11 operator and images to address CVE-2023-44487 which Red Hat has assessed as being Important (sees accessredhatcom/security/cve/CVE-2023-44487 for detai ...
Arch Linux Issues:
A logic flaw has been found in cURL before 840, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met ...
Hitachi Security Advisories: Vulnerability in JP1/VERITAS
A vulnerability (VTS23-013) exists in JP1/VERITAS Affected products and versions are listed below ...
Apple: macOS Ventura 13.6.4
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: iOS 16.7.5 and iPadOS 16.7.5
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...
Apple: macOS Monterey 12.7.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security releases page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp;whe ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/98c399e36f6402fb998b84a1a7aaa7b0
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/e2976ccc74b2bc61eb57d83f2d4cc108
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Recent Articles

curl vulnerabilities ironed out with patches after week-long tease
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources The coordinated disclosure didn’t quite go to plan, though

After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as "probably the worst curl security flaw in a long time," the patches address two separate vulnerabilities: CVE-2023-38545 and CVE-2023-38546. We now know the first vulnerability, CVE-2023-38545, is a heap-based buffer overflow flaw that affects both libcurl and t...

Read more...
Fresh curl tomorrow will patch 'worst' security flaw in ages
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources It’s bad, folks. Pair of CVEs incoming on October 11

Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "probably the worst curl security flaw in a long time." Curl 8.4.0 will hit at around 0600 UTC (0800 CEST, 0700 BST, 0200 EST, 2300 PDT) on October 11 and deal with CVE-2023-38545, which affects both libcurl and the curl tool, and CVE-2023-38546, which only affects libcurl. The release has no API or ABI changes, so the update should slot in w...

Read more...

References

NVD-CWE-noinfohttps://curl.se/docs/CVE-2023-38546.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/https://support.apple.com/kb/HT214063https://support.apple.com/kb/HT214057https://support.apple.com/kb/HT214058https://support.apple.com/kb/HT214036http://seclists.org/fulldisclosure/2024/Jan/34http://seclists.org/fulldisclosure/2024/Jan/37http://seclists.org/fulldisclosure/2024/Jan/38https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5523https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook