Vulnerability Description
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.84.0, < 8.5.0 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- https://curl.se/docs/CVE-2023-46219.htmlVendor Advisory
- https://hackerone.com/reports/2236133ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Third Party Advisory
- https://security.netapp.com/advisory/ntap-20240119-0007/
- https://www.debian.org/security/2023/dsa-5587
- https://curl.se/docs/CVE-2023-46219.htmlVendor Advisory
- https://hackerone.com/reports/2236133ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]Third Party Advisory
- https://security.netapp.com/advisory/ntap-20240119-0007/
- https://www.debian.org/security/2023/dsa-5587
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-093430.html
- https://cert-portal.siemens.com/productcert/html/ssa-331112.html
FAQ
What is CVE-2023-46219?
CVE-2023-46219 is a vulnerability with a CVSS score of 5.3 (MEDIUM). When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
How severe is CVE-2023-46219?
CVE-2023-46219 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46219?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Fedoraproject Fedora.