CURL-CVE-2023-28320

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2023-28320.html

Import Source

https://curl.se/docs/CURL-CVE-2023-28320.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2023-28320

Aliases

CVE-2023-28320

Published

2023-05-17T08:00:00Z

Modified

2025-05-15T17:48:29Z

Summary

siglongjmp race condition

Details

libcurl provides several different backends for resolving hostnames, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm() and siglongjmp().

When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.

Database specific

{
    "last_affected": "8.0.1",
    "award": {
        "amount": "480",
        "currency": "USD"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2023-28320.json",
    "severity": "Low",
    "CWE": {
        "desc": "Improper Synchronization",
        "id": "CWE-662"
    },
    "issue": "https://hackerone.com/reports/1929597",
    "affects": "lib",
    "www": "https://curl.se/docs/CVE-2023-28320.html"
}

References

Credits

- Harry Sintonen - FINDER
- Harry Sintonen - REMEDIATION_DEVELOPER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.9.8

Fixed

8.1.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

3c49b405de4fbf1fd7127f91908261268640e54f

Fixed

13718030ad4b3209a7583b4f27f683cd3a6fa5f2

Affected versions

7.*

7.10

7.10.1

7.10.2

7.10.3

7.10.4

7.10.5

7.10.6

7.10.7

7.10.8

7.11.0

7.11.1

7.11.2

7.12.0

7.12.1

7.12.2

7.12.3

7.13.0

7.13.1

7.13.2

7.14.0

7.14.1

7.15.0

7.15.1

7.15.2

7.15.3

7.15.4

7.15.5

7.16.0

7.16.1

7.16.2

7.16.3

7.16.4

7.17.0

7.17.1

7.18.0

7.18.1

7.18.2

7.19.0

7.19.1

7.19.2

7.19.3

7.19.4

7.19.5

7.19.6

7.19.7

7.20.0

7.20.1

7.21.0

7.21.1

7.21.2

7.21.3

7.21.4

7.21.5

7.21.6

7.21.7

7.22.0

7.23.0

7.23.1

7.24.0

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.30.0

7.31.0

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.64.1

7.65.0

7.65.1

7.65.2

7.65.3

7.66.0

7.67.0

7.68.0

7.69.0

7.69.1

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.80.0

7.81.0

7.82.0

7.83.0

7.83.1

7.84.0

7.85.0

7.86.0

7.87.0

7.88.0

7.88.1

7.9.8

8.*

8.0.0

8.0.1