CURL-CVE-2023-46219
- Source
- https://curl.se/docs/CVE-2023-46219.html
- Import Source
- https://curl.se/docs/CURL-CVE-2023-46219.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CURL-CVE-2023-46219
- Aliases
- Published
- 2023-12-06T08:00:00Z
- Modified
- 2024-09-11T06:13:24.128739Z
- Summary
- HSTS long filename clears contents
- Details
-
When saving HSTS data to an excessively long filename, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
- Database specific
{ "severity": "Low", "CWE": { "desc": "Missing Encryption of Sensitive Data", "id": "CWE-311" }, "URL": "https://curl.se/docs/CVE-2023-46219.json", "package": "curl", "award": { "currency": "USD", "amount": "540" }, "issue": "https://hackerone.com/reports/2236133", "last_affected": "8.4.0", "affects": "both", "www": "https://curl.se/docs/CVE-2023-46219.html" }- References
-
- Credits
-
-
- Maksymilian Arciemowicz - FINDER
-
- Daniel Stenberg - REMEDIATION_DEVELOPER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.84.0Fixed8.5.0
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
7.*
7.84.0
7.85.0
7.86.0
7.87.0
7.88.0
7.88.1
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.4.0
Database specific
{
"vanir_signatures": [
{
"target": {
"file": "lib/fopen.c",
"function": "Curl_fopen"
},
"digest": {
"function_hash": "322521448480441824076349091693471863624",
"length": 1181.0
},
"signature_type": "Function",
"source": "https://github.com/curl/curl.git/commit/73b65e94f3531179de45c6f3c836a610e3d0a846",
"deprecated": false,
"id": "CURL-CVE-2023-46219-345f4148",
"signature_version": "v1"
},
{
"target": {
"file": "lib/fopen.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"141771554961623801452922120631762225644",
"82787012570203242169153838112032331236",
"294693242851234537244736533753545159362",
"12424288094917010005575599408517436759",
"124428138736793990568618883161584762487",
"300507652766921692831964778527059029956",
"168911649268973449864992550166069421481",
"106900510572222239508388653374741936645",
"319267685858350145932267975915255711338",
"93967306247015248528650144731437315148",
"72963164035412696461093506355303529437",
"182001560438617645742021710878070899227",
"333765855877198845699797559849505697945",
"183889325021050708559981981758921351838",
"222364463068963623330822235027063156518",
"137965764669989750475839444417327880578",
"105094198410978040163287063016242362114",
"93579072356192464791921231798830910095",
"183150360300328616239417757634531496897",
"87531163363730378660501473877928006252",
"266430157886770284926444102501263520649",
"163315384743240797309299526992266223294",
"185289273960668621851294809427430254831",
"322027284671455959894357038395360261908",
"97553119457857174697571054867947585806",
"41556339523477586271285710666600171980",
"173229717581375388273969815577773595020",
"14957658089440140526234514041175034353"
]
},
"signature_type": "Line",
"source": "https://github.com/curl/curl.git/commit/73b65e94f3531179de45c6f3c836a610e3d0a846",
"deprecated": false,
"id": "CURL-CVE-2023-46219-8fb0e127",
"signature_version": "v1"
}
]
}