CURL-CVE-2023-28319

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2023-28319.html
Import Source
https://curl.se/docs/CURL-CVE-2023-28319.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2023-28319
Aliases
Published
2023-05-17T08:00:00Z
Modified
2026-05-21T06:00:04.898373140Z
Summary
UAF in SSH sha256 fingerprint check
Details

libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash.

This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.

Database specific 
{
    "package": "curl",
    "CWE": {
        "id": "CWE-416",
        "desc": "Use After Free"
    },
    "URL": "https://curl.se/docs/CVE-2023-28319.json",
    "severity": "Medium",
    "issue": "https://hackerone.com/reports/1913733",
    "last_affected": "8.0.1",
    "affects": "both",
    "www": "https://curl.se/docs/CVE-2023-28319.html",
    "award": {
        "amount": "2400",
        "currency": "USD"
    }
}
References
Credits
    • Wei Chong Tan - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.81.0
Fixed
8.1.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
3467e89bb97e6c87c77e82a046c59cb4b2d29a74
Fixed
8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122

Affected versions

7.*
7.81.0
7.82.0
7.83.0
7.83.1
7.84.0
7.85.0
7.86.0
7.87.0
7.88.0
7.88.1
8.*
8.0.0
8.0.1
Other
curl-7_81_0
curl-7_82_0
curl-7_83_0
curl-7_83_1
curl-7_84_0
curl-7_85_0
curl-7_86_0
curl-7_87_0
curl-7_88_0
curl-7_88_1
curl-8_0_0
curl-8_0_1

Database specific

source 
"https://curl.se/docs/CURL-CVE-2023-28319.json"