libcurl provides several different backends for resolving hostnames, selected
at build time. If it is built to use the synchronous resolver, it allows name
resolves to time out slow operations using alarm() and siglongjmp().
When doing this, libcurl used a global buffer that was not mutex-protected, and a multi-threaded application might therefore crash or otherwise misbehave.
{ "issue": "https://hackerone.com/reports/1929597", "award": { "amount": "480", "currency": "USD" }, "package": "curl", "last_affected": "8.0.1", "www": "https://curl.se/docs/CVE-2023-28320.html", "URL": "https://curl.se/docs/CVE-2023-28320.json", "affects": "lib", "CWE": { "desc": "Improper Synchronization", "id": "CWE-662" }, "severity": "Low" }
{ "vanir_signatures": [ { "source": "https://github.com/curl/curl.git/commit/13718030ad4b3209a7583b4f27f683cd3a6fa5f2", "deprecated": false, "signature_type": "Line", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "283258619443369758452086874976551086282", "121936838467444647657318452219757000709", "247646888058421310640421957552875963192", "286525491516044047541513178293818312180", "50035147135556071914751473867996997039", "193835399249291899032021760430948152705", "207828755606904047829573123970923045779", "81370743706062931358801952691125996802", "249186086637486552515111953072156234063", "328891460933912972369878433911601836268", "67949404355840492349118776286053533367", "115617167124307632986698130414800913904", "224406317650944904426169011016550815159", "205436267014276535737795570081430003290", "271831745145625465732623324140517984448", "283792094845170139656042657687200455670", "25376866905598318983192313641098571612", "20893781658787869202328702021990935069", "47804619708803871720584697045341841861", "275329750890998700276072857030451348664" ] }, "target": { "file": "lib/hostip.c" }, "id": "CURL-CVE-2023-28320-292fde32" }, { "source": "https://github.com/curl/curl.git/commit/13718030ad4b3209a7583b4f27f683cd3a6fa5f2", "deprecated": false, "signature_type": "Function", "signature_version": "v1", "digest": { "length": 2181.0, "function_hash": "166424419131360272668421286654252876677" }, "target": { "file": "lib/hostip.c", "function": "Curl_resolv_timeout" }, "id": "CURL-CVE-2023-28320-94ed09a9" } ] }