CVE-2023-46219

Name

CVE-2023-46219

Description

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
support@hackerone.com	https://curl.se/docs/CVE-2023-46219.html
support@hackerone.com	https://hackerone.com/reports/2236133
support@hackerone.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/
support@hackerone.com	https://www.debian.org/security/2023/dsa-5587
support@hackerone.com	https://security.netapp.com/advisory/ntap-20240119-0007/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:haxx:curl::::::::`	curl	>= 7.84.0	< 8.5.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
curl	edge-main	8.5.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	edge-main	8.4.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.3.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.1.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.0.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.88.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.87.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.86.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.85.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.84.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.22-main	8.5.0-r0	None	fixed
curl	3.22-main	8.4.0-r0	None	possibly vulnerable
curl	3.22-main	8.3.0-r0	None	possibly vulnerable
curl	3.22-main	8.1.0-r0	None	possibly vulnerable
curl	3.22-main	8.0.0-r0	None	possibly vulnerable
curl	3.22-main	7.88.0-r0	None	possibly vulnerable
curl	3.22-main	7.87.0-r0	None	possibly vulnerable
curl	3.22-main	7.86.0-r0	None	possibly vulnerable
curl	3.22-main	7.85.0-r0	None	possibly vulnerable
curl	3.22-main	7.84.0-r0	None	possibly vulnerable
curl	3.21-main	8.5.0-r0	None	fixed
curl	3.21-main	8.4.0-r0	None	possibly vulnerable
curl	3.21-main	8.3.0-r0	None	possibly vulnerable
curl	3.21-main	8.1.0-r0	None	possibly vulnerable
curl	3.21-main	8.0.0-r0	None	possibly vulnerable
curl	3.21-main	7.88.0-r0	None	possibly vulnerable
curl	3.21-main	7.87.0-r0	None	possibly vulnerable
curl	3.21-main	7.86.0-r0	None	possibly vulnerable
curl	3.21-main	7.85.0-r0	None	possibly vulnerable
curl	3.21-main	7.84.0-r0	None	possibly vulnerable
curl	3.20-main	8.5.0-r0	None	fixed
curl	3.20-main	8.4.0-r0	None	possibly vulnerable
curl	3.20-main	8.3.0-r0	None	possibly vulnerable
curl	3.20-main	8.1.0-r0	None	possibly vulnerable
curl	3.20-main	8.0.0-r0	None	possibly vulnerable
curl	3.20-main	7.88.0-r0	None	possibly vulnerable
curl	3.20-main	7.87.0-r0	None	possibly vulnerable
curl	3.20-main	7.86.0-r0	None	possibly vulnerable
curl	3.20-main	7.85.0-r0	None	possibly vulnerable
curl	3.20-main	7.84.0-r0	None	possibly vulnerable
curl	3.19-main	8.5.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.19-main	8.4.0-r0	None	possibly vulnerable
curl	3.19-main	8.3.0-r0	None	possibly vulnerable
curl	3.19-main	8.1.0-r0	None	possibly vulnerable
curl	3.19-main	8.0.0-r0	None	possibly vulnerable
curl	3.19-main	7.88.0-r0	None	possibly vulnerable
curl	3.19-main	7.87.0-r0	None	possibly vulnerable
curl	3.19-main	7.86.0-r0	None	possibly vulnerable
curl	3.19-main	7.85.0-r0	None	possibly vulnerable
curl	3.19-main	7.84.0-r0	None	possibly vulnerable
curl	3.18-main	8.5.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.17-main	8.5.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed