CURL-CVE-2023-46219
- Source
- https://curl.se/docs/CVE-2023-46219.html
- Import Source
- https://curl.se/docs/CURL-CVE-2023-46219.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CURL-CVE-2023-46219
- Aliases
- Published
- 2023-12-06T08:00:00Z
- Modified
- 2026-05-29T05:40:21.470483Z
- Summary
- HSTS long filename clears contents
- Details
-
When saving HSTS data to an excessively long filename, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
- Database specific
{ "URL": "https://curl.se/docs/CVE-2023-46219.json", "www": "https://curl.se/docs/CVE-2023-46219.html", "CWE": { "desc": "Missing Encryption of Sensitive Data", "id": "CWE-311" }, "issue": "https://hackerone.com/reports/2236133", "severity": "Low", "last_affected": "8.4.0", "award": { "currency": "USD", "amount": "540" }, "affects": "both", "package": "curl" }- References
-
- Credits
-
-
- Maksymilian Arciemowicz - FINDER
-
- Daniel Stenberg - REMEDIATION_DEVELOPER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.84.0Fixed8.5.0
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
7.*
7.84.0
7.85.0
7.86.0
7.87.0
7.88.0
7.88.1
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.4.0
Other
curl-7_84_0
curl-7_85_0
curl-7_86_0
curl-7_87_0
curl-7_88_0
curl-7_88_1
curl-8_0_0
curl-8_0_1
curl-8_1_0
curl-8_1_1
curl-8_1_2
curl-8_2_0
curl-8_2_1
curl-8_3_0
curl-8_4_0
tiny-curl-8_4_0
Database specific
vanir_signatures
[
{
"target": {
"function": "Curl_fopen",
"file": "lib/fopen.c"
},
"digest": {
"function_hash": "322521448480441824076349091693471863624",
"length": 1181.0
},
"deprecated": false,
"source": "https://github.com/curl/curl.git/commit/73b65e94f3531179de45c6f3c836a610e3d0a846",
"signature_version": "v1",
"id": "CURL-CVE-2023-46219-345f4148",
"signature_type": "Function"
},
{
"target": {
"file": "lib/fopen.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"141771554961623801452922120631762225644",
"82787012570203242169153838112032331236",
"294693242851234537244736533753545159362",
"12424288094917010005575599408517436759",
"124428138736793990568618883161584762487",
"300507652766921692831964778527059029956",
"168911649268973449864992550166069421481",
"106900510572222239508388653374741936645",
"319267685858350145932267975915255711338",
"93967306247015248528650144731437315148",
"72963164035412696461093506355303529437",
"182001560438617645742021710878070899227",
"333765855877198845699797559849505697945",
"183889325021050708559981981758921351838",
"222364463068963623330822235027063156518",
"137965764669989750475839444417327880578",
"105094198410978040163287063016242362114",
"93579072356192464791921231798830910095",
"183150360300328616239417757634531496897",
"87531163363730378660501473877928006252",
"266430157886770284926444102501263520649",
"163315384743240797309299526992266223294",
"185289273960668621851294809427430254831",
"322027284671455959894357038395360261908",
"97553119457857174697571054867947585806",
"41556339523477586271285710666600171980",
"173229717581375388273969815577773595020",
"14957658089440140526234514041175034353"
]
},
"deprecated": false,
"source": "https://github.com/curl/curl.git/commit/73b65e94f3531179de45c6f3c836a610e3d0a846",
"signature_version": "v1",
"id": "CURL-CVE-2023-46219-8fb0e127",
"signature_type": "Line"
}
]
source
"https://curl.se/docs/CURL-CVE-2023-46219.json"
vanir_signatures_modified
"2026-05-29T05:40:21Z"