CVE-2023-28319 — HIGH (7.5)

Q: How severe is CVE-2023-28319?

CVE-2023-28319 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-28319?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Apple Macos, Netapp Clustered Data Ontap, Netapp Ontap Antivirus Connector, Netapp H300S Firmware.

Vulnerability Description

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Haxx	Curl	< 8.1.0
Apple	Macos	>= 11.0, < 11.7.9
Netapp	Clustered Data Ontap	-
Netapp	Ontap Antivirus Connector	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-

Related Weaknesses (CWE)

CWE-416

References

http://seclists.org/fulldisclosure/2023/Jul/47Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/48Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/52Mailing ListThird Party Advisory
https://hackerone.com/reports/1913733ExploitPatchThird Party Advisory
https://security.gentoo.org/glsa/202310-12Third Party Advisory
https://security.netapp.com/advisory/ntap-20230609-0009/Third Party Advisory
https://support.apple.com/kb/HT213843Third Party Advisory
https://support.apple.com/kb/HT213844Third Party Advisory
https://support.apple.com/kb/HT213845Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/47Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/48Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/52Mailing ListThird Party Advisory
https://hackerone.com/reports/1913733ExploitPatchThird Party Advisory
https://security.gentoo.org/glsa/202310-12Third Party Advisory
https://security.netapp.com/advisory/ntap-20230609-0009/Third Party Advisory

FAQ

What is CVE-2023-28319?

CVE-2023-28319 is a vulnerability with a CVSS score of 7.5 (HIGH). A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memor...

How severe is CVE-2023-28319?

CVE-2023-28319 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-28319?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Apple Macos, Netapp Clustered Data Ontap, Netapp Ontap Antivirus Connector, Netapp H300S Firmware.