CVE-2023-28319

Name
CVE-2023-28319
Description
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://hackerone.com/reports/1913733
CONFIRM https://security.netapp.com/advisory/ntap-20230609-0009/
Third Party Advisory https://support.apple.com/kb/HT213844
Third Party Advisory https://support.apple.com/kb/HT213843
Third Party Advisory https://support.apple.com/kb/HT213845
Mailing List http://seclists.org/fulldisclosure/2023/Jul/47
Mailing List http://seclists.org/fulldisclosure/2023/Jul/48
Mailing List http://seclists.org/fulldisclosure/2023/Jul/52
Third Party Advisory https://security.gentoo.org/glsa/202310-12

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* curl >= None < 8.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status