CURL-CVE-2023-38039

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2023-38039.html
Import Source
https://curl.se/docs/CURL-CVE-2023-38039.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2023-38039
Aliases
Published
2023-09-13T08:00:00Z
Modified
2025-05-15T17:48:29Z
Summary
HTTP headers eat all memory
Details

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API.

However, curl did not have a limit on the size or quantity of headers it would accept in a response, allowing a malicious server to stream an endless series of headers to a client and eventually cause curl to run out of heap memory.

Database specific 
{
    "package": "curl",
    "CWE": {
        "desc": "Allocation of Resources Without Limits or Throttling",
        "id": "CWE-770"
    },
    "URL": "https://curl.se/docs/CVE-2023-38039.json",
    "last_affected": "8.2.1",
    "severity": "Medium",
    "award": {
        "amount": "2540",
        "currency": "USD"
    },
    "affects": "both",
    "www": "https://curl.se/docs/CVE-2023-38039.html",
    "issue": "https://hackerone.com/reports/2072338"
}
References
Credits
    • selmelc on hackerone - FINDER
    • Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
7.84.0
Fixed
8.3.0
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
4d94fac9f0d1dd02b8308291e4c47651142dc28b
Fixed
3ee79c1674fd6f99e8efca52cd7510e08b766770

Affected versions

7.*

7.84.0
7.85.0
7.86.0
7.87.0
7.88.0
7.88.1

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1