CVE-2023-46219

Name
CVE-2023-46219
Description
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
NVD Severity
unknown

References

Type                   URI
support@hackerone.com  https://curl.se/docs/CVE-2023-46219.html
support@hackerone.com  https://hackerone.com/reports/2236133
support@hackerone.com  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/
support@hackerone.com  https://www.debian.org/security/2023/dsa-5587
support@hackerone.com  https://security.netapp.com/advisory/ntap-20240119-0007/

Match rules

CPE URI                              Source package  Min version  Max version
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*  curl            >= 7.84.0    < 8.5.0

Vulnerable and fixed packages

Source package  Branch     Version   Maintainer                             Status
curl            3.16-main  8.5.0-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed
curl            3.15-main  8.5.0-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed