IM
IronMonkey Threat Research

CVE-2023-46218 MEDIUM

Published: 2023-12-07 | Last Modified: 2026-05-12 | Status: Modified

Description

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

Additional Descriptions (1)

Esta falla permite que un servidor HTTP malicioso establezca "supercookies" en curl que luego se devuelven a más orígenes de los que están permitidos o son posibles. Esto permite que un sitio establezca cookies que luego se enviarán a sitios y dominios diferentes y no relacionados. Podría hacer esto explotando una falla de mayúsculas y minúsculas en la función de curl que verifica un dominio de cookie determinado con Public Suffix List (PSL). Por ejemplo, una cookie podría configurarse con `domain=co.UK` cuando la URL utilizaba un nombre de host en minúscula `curl.co.uk`, aunque `co.uk` aparezca como un dominio PSL.

CVSS Metrics

Base Score: 6.5 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactLOW
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 2.5

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-178

Affected Products

Vendor Product Version Update Type
haxx curl * <built-in method update of dict object at 0x702bdd868680> Application
fedoraproject fedora 39 <built-in method update of dict object at 0x702bdcf69b00> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

References

Notification
Message here