CVE-2023-46219

Published: 12/12/2023 Updated: 19/01/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

Vulnerable Product

haxx curl

fedoraproject fedora 38

Vendor Advisories

Debian Bug report logs - #1057646 curl: CVE-2023-46218 Package: src:curl; Maintainer for src:curl is Debian Curl Maintainers <team+curl@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2023 13:45:04 UTC Severity: important Tags: security, upstream Found in versions curl/7 ...
Debian Bug report logs - #1057645 curl: CVE-2023-46219 Package: src:curl; Maintainer for src:curl is Debian Curl Maintainers <team+curl@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Dec 2023 13:45:01 UTC Severity: important Tags: security, upstream Found in versions curl/8 ...
Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in some cases HSTS data could fail to save to disk. For the oldstable distribution (bullseye), these problems have been fixed in version 7.74.0-13+deb11u11. For the stable distribution (bookworm), these problems have been f ...
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a giv ...
Description: The MITRE CVE dictionary describes this issue as: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use ...

Github Repositories

Policy Reporter Plugins Monorepo

Introduction: With Policy Reporter UI v2 a new plugin system will be introduced. While plugins in v1 were only used for integrating the Policy Reporter Kyverno Plugin, the new system will be more generic and needs to provide a defined set of REST APIs, no actual UI changes are required. Plugin information will be included in existing views and pr