IM
IronMonkey Threat Research

CVE-2023-46219 MEDIUM

Published: 2023-12-12 | Last Modified: 2026-05-12 | Status: Modified

Description

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

Additional Descriptions (1)

Al guardar datos HSTS en un nombre de archivo excesivamente largo, curl podría terminar eliminando todo el contenido, haciendo que las solicitudes posteriores que utilicen ese archivo desconozcan el estado HSTS que de otro modo deberían usar.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactLOW
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Primary
en CWE-311
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-311

Affected Products

Vendor Product Version Update Type
haxx curl * <built-in method update of dict object at 0x702bdcf6a1c0> Application
fedoraproject fedora 38 <built-in method update of dict object at 0x702bdcf6ae00> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

References

Notification
Message here