When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle was previously used to issue a PUT request that used that callback.
This flaw may surprise the application and cause it to misbehave in the second transfer, either sending off the wrong data or using memory after it has been freed (or similar).
The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
{ "package": "curl", "severity": "Low", "affects": "lib", "award": { "amount": "480", "currency": "USD" }, "issue": "https://hackerone.com/reports/1954658", "CWE": { "id": "CWE-440", "desc": "Expected Behavior Violation" }, "URL": "https://curl.se/docs/CVE-2023-28322.json", "www": "https://curl.se/docs/CVE-2023-28322.html", "last_affected": "8.0.1" }
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-043f73d8", "signature_version": "v1", "target": { "function": "smtp_perform", "file": "lib/smtp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "244918261107793052109216865361578925479", "length": 778.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-14b7289b", "signature_version": "v1", "target": { "function": "Curl_http_method", "file": "lib/http.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "220506091484597006099477209732636036229", "length": 792.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-1b34e7e7", "signature_version": "v1", "target": { "file": "lib/vssh/libssh2.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "306559295797139462427140608462790431718", "300795580838890850523800351283892993686", "102895367688701322313316984490529345204", "153026010646255366232225761434975473963", "53551290540292994927301234873398481549", "292672040806136278022691802557146088822", "43165647064246284891730502900628380013", "317137927473050333745402513068518641350", "98627802755047458805016072872301366249", "62233325645386430779467985741383362567", "225059475048316828632980542230460373581", "129575501958229283455349617547111268400" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-1b50d21e", "signature_version": "v1", "target": { "function": "ftp_done", "file": "lib/ftp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "67779313257680232603889774047580371527", "length": 4763.0 } }, { "signature_type": "Line", "deprecated": false, 
"id": "CURL-CVE-2023-28322-20d02a2e", "signature_version": "v1", "target": { "file": "lib/curl_rtmp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "24778642586996919198350454071792151438", "243376549740215058559402849412367992339", "67468461037768918238008536799269077568", "57837591041747779013128411779306425815", "101110779260168665969066832726474294422", "330033503187222056768763579282542291969", "293547233047384075931875398761913618587", "317246974644712063993117314526905768298" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-26737e94", "signature_version": "v1", "target": { "function": "Curl_follow", "file": "lib/transfer.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "288781278300809529854392347866278160582", "length": 5217.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-29d802d0", "signature_version": "v1", "target": { "file": "lib/file.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "97258340398982231510357624542856555117", "196115888839526329938503681403677964605", "273300785299348003824334395793287830570", "128156528103480494126400649259797078194", "28059685807543615514013021731894781879", "160008683889397642939799472405576540434", "237539299431924241034986137759337084800", "121599147739228614423496608920418378369" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-2afc4437", "signature_version": "v1", "target": { "function": "file_connect", "file": "lib/file.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "171685106736792789961470164786745312752", "length": 1553.0 } }, { "signature_type": 
"Line", "deprecated": false, "id": "CURL-CVE-2023-28322-2c492cb4", "signature_version": "v1", "target": { "file": "lib/imap.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "122236050038648953749109026718197225915", "115972508850464972636156581295222733889", "198198853453024651175508530235511395764", "291639395866360380294060003438894566696", "330355979087240859867538057223240227513", "251160153308585915230461082082519348129", "139516654346347765904531592519287917641", "239461840075973322222100511047443016281", "102493182166257917182589419964465109245", "59574024927719700869768496879416592308" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-350f4b88", "signature_version": "v1", "target": { "function": "myssh_statemach_act", "file": "lib/vssh/libssh.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "127960884474396591090871624350900483473", "length": 29111.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-3b278a7c", "signature_version": "v1", "target": { "file": "lib/http.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "86204623071547473177451685391049145821", "78621469095617583409608038713063866738", "316767198170014934017947292028044373895", "148900820586371331636624063873094921175", "165945403193373155485131961913984265985", "262796508999799236443544456886954968006", "275864837180829807619883946678933720401", "263264881148776279498885370297181416437" ], "threshold": 0.9 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-438b9a26", "signature_version": "v1", "target": { "file": "lib/setopt.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { 
"line_hashes": [ "73718385868193491518011259754153906379", "317954902085276870531741347511293183092", "38942211661145621612873810955818533812", "254689641029217742718913440359729854667", "221001309097453287709307782738504900509", "231376410078912789094414895469389252901", "5037867831267728075510597696684370267", "249971556975363633503380013182114437989", "94363566679949485508562463690089553064", "77238090366588748707057742406822818206", "232175913486760611009164122817249348957", "187142349753408961888554692971295220288", "338183528807122658877245038405259991697" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-46760f7d", "signature_version": "v1", "target": { "function": "Curl_retry_request", "file": "lib/transfer.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "81110042113651535327744932347778495706", "length": 1469.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-49adfbcf", "signature_version": "v1", "target": { "file": "lib/rtsp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "23510561191950165412598934936535456514", "156432545537744190623688401073931197870", "139620218542570181503477792645415040972", "44050332444478604555576307798824989469", "145251812672091167533772588959212617924", "199425442384433296092932611725572552350", "160001442215137755193752576669838746637", "157819517022997750679342245460004821697" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-56a8c03d", "signature_version": "v1", "target": { "function": "ftp_state_prepare_transfer", "file": "lib/ftp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "113786364417183470973370234786478961351", "length": 979.0 } }, { 
"signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-5c9ebc35", "signature_version": "v1", "target": { "function": "Curl_vsetopt", "file": "lib/setopt.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "326929901072702334459263486826219947408", "length": 58711.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-6d3cb626", "signature_version": "v1", "target": { "file": "lib/smtp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "317726397137825121809904848290003596993", "103303034701567556252050259920859358191", "207342022370722699855465544618548876335", "233426072141699121041020006462349843062", "298872821362131266097933973523855950233", "268318418256143698299718255930566871119", "28296195549187310469789282479977549919", "185559217287232509915228558856168289426" ], "threshold": 0.9 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-71b9d321", "signature_version": "v1", "target": { "file": "lib/tftp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "296000693530442199113595577470590334318", "216577282291961582804307418503273235539", "66294590867383822358121865777524713980", "67304594511717926572104123795976960502", "121791898907510934367731659789586805540", "322273680879923949459868837472578967972", "86903797096206324874289144035688257384", "272884887891857536131197173515688291104", "259980320844907488988680312803509589842", "315802296546629114519497579129060703847", "283729880252161123643186515352978535330", "270922356054491519675196568636674490445", "315028930385922128961305341252665852266", "263445799209862313905363651695333886737", "225869494801670541193375865651653029623", "309112807493493088109002261068181694188" ], "threshold": 0.9 } }, { 
"signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-78b592b6", "signature_version": "v1", "target": { "function": "imap_done", "file": "lib/imap.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "72218618379988761905850116991282306357", "length": 1096.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-8e3a87f9", "signature_version": "v1", "target": { "file": "lib/vssh/libssh.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "306559295797139462427140608462790431718", "300795580838890850523800351283892993686", "102895367688701322313316984490529345204", "89235024783610348266994755734010075969", "24673369334574603279300288502985166157", "69418365403105921722741466474046090738", "51258361371674217919662326905956397861", "317137927473050333745402513068518641350", "978518190664201410547841879078723093", "124460489667643206340064942671808237758", "225059475048316828632980542230460373581", "129575501958229283455349617547111268400" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-8f341fa7", "signature_version": "v1", "target": { "function": "imap_perform", "file": "lib/imap.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "237455023385217968748399512334889678881", "length": 1308.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-92fd10d7", "signature_version": "v1", "target": { "function": "smb_request_state", "file": "lib/smb.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "113369540511126264977882734524903335013", "length": 3872.0 } }, { "signature_type": "Function", "deprecated": false, "id": 
"CURL-CVE-2023-28322-9ce61de5", "signature_version": "v1", "target": { "function": "ftp_parse_url_path", "file": "lib/ftp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "60975070784805051290682979146127808699", "length": 2664.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-9da016f2", "signature_version": "v1", "target": { "function": "rtmp_do", "file": "lib/curl_rtmp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "295634031920807533326270691195499223104", "length": 415.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-9fc43f19", "signature_version": "v1", "target": { "function": "file_do", "file": "lib/file.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "238171107628096223128946982784769519992", "length": 3229.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-a1b0a247", "signature_version": "v1", "target": { "function": "rtmp_connect", "file": "lib/curl_rtmp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "53970224719059667866803241067422526438", "length": 797.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-aaa8a0e0", "signature_version": "v1", "target": { "function": "wssh_statemach_act", "file": "lib/vssh/wolfssh.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "105182837051338837205902827541102405897", "length": 10371.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-bd22164e", "signature_version": "v1", "target": { "file": "lib/transfer.c" }, "source": 
"https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "9669197934497761459791353713337792028", "324334556226709555596112726078506805405", "94903948720967045610047635580544457922", "291381250684477033239924086822395888616", "214752622107938666009044222914079994607", "29999463709903209123492605274621971169", "291413131698588812325444898094845257278", "198264404388874355682971414348773023071", "261860191858216613748857478852007108388", "229787851423935550798609221470683910337", "281763210011705363107076340253878778202", "239491792194485428331526952785243578613" ], "threshold": 0.9 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-c36fd0db", "signature_version": "v1", "target": { "file": "lib/urldata.h" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "230016309546548395354727244599866844762", "153098179799887194394447740928206724315", "143611996883691104798553200779547640889", "243812539181772553999458310418297600425", "256519995195968343134029580794278243375", "9754712060005705944960900903577833117", "195096103454734709555291479417121106325" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-d0623f53", "signature_version": "v1", "target": { "function": "Curl_http_body", "file": "lib/http.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "216109534114329041341017051443369654594", "length": 1997.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-d3eb5f6b", "signature_version": "v1", "target": { "function": "ssh_statemach_act", "file": "lib/vssh/libssh2.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "334023911439077442816569278108122106302", "length": 45297.0 
} }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-d47856bc", "signature_version": "v1", "target": { "file": "lib/ftp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "258487047536441149662349490016792769624", "270143957131094979019246511281447877028", "181488923961215757240113100534186647783", "275873969999637199921837779216117213638", "246285149527680665346639512543057520226", "336198861496187941564028487685306286853", "153420353113278296876916077740603409265", "145748298387603453203696721042779306653", "167604816648741723478069457087839120339", "210376030041983133827550374962991044083", "138886990281914732132749392647544668936", "253873922962228797635023401687389886362", "213901607013462814705817410949049609964", "138398518771243368046794514542706026446", "235210372475677440757396591639394960964", "26178373883322156678241666919190225955" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-da2b40fe", "signature_version": "v1", "target": { "function": "rtsp_do", "file": "lib/rtsp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "175088334888891999453729338556737009493", "length": 7619.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-df3015bb", "signature_version": "v1", "target": { "function": "tftp_parse_option_ack", "file": "lib/tftp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "338970860314804758157067765981235754016", "length": 1665.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-e2bce814", "signature_version": "v1", "target": { "function": "tftp_send_first", "file": "lib/tftp.c" }, "source": 
"https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "138807139980154842538164679657347687331", "length": 3172.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-e32ba6e3", "signature_version": "v1", "target": { "function": "ftp_do_more", "file": "lib/ftp.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "256146428087632970809030220105515209671", "length": 1894.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-f1b74479", "signature_version": "v1", "target": { "function": "Curl_init_CONNECT", "file": "lib/transfer.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "112679768512969586199757092354428442759", "length": 144.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-f5272c3e", "signature_version": "v1", "target": { "file": "lib/vssh/wolfssh.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "3054917872141925425333295556026189304", "78949103107116607409358941056224630057", "102895367688701322313316984490529345204", "18735227239498913950206415083092895220" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-f59eeaf3", "signature_version": "v1", "target": { "function": "smb_send_open", "file": "lib/smb.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "71059853364750689108198986704302060227", "length": 963.0 } }, { "signature_type": "Function", "deprecated": false, "id": "CURL-CVE-2023-28322-f65585c9", "signature_version": "v1", "target": { "function": "smtp_done", "file": "lib/smtp.c" }, "source": 
"https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "function_hash": "323689776346641865399283821108483837606", "length": 1176.0 } }, { "signature_type": "Line", "deprecated": false, "id": "CURL-CVE-2023-28322-ffad51e5", "signature_version": "v1", "target": { "file": "lib/smb.c" }, "source": "https://github.com/curl/curl.git/commit/7815647d6582c0a4900be2e1de6c5e61272c496b", "digest": { "line_hashes": [ "257140884129129657956406441653815527181", "300798382280023878119419473451428195938", "289853062650714130706901030099562284629", "123900463012490465217437101681250111928", "324602536867730361405637347032827601906", "277789421354370450297115412206566545163", "101753198903683783238060221040945520329", "229858858213715013767434456634247144739", "39688859817162255756879157487236651436", "146148270000398325249503751245330562443", "154838603119806179916868187399802048839", "180444949860080790723725619118067835894" ], "threshold": 0.9 } } ] }