UBUNTU-CVE-2023-46219

Source
https://ubuntu.com/security/CVE-2023-46219
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-46219.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-46219
Related
Published
2023-12-06T07:00:00Z
Modified
2024-11-20T12:26:04Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

References

Affected packages

Ubuntu:20.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.20

Affected versions

7.*

7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16
7.68.0-1ubuntu2.18
7.68.0-1ubuntu2.19

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.20",
            "binary_name": "libcurl4-openssl-dev"
        }
    ],
    "priority_reason": "Upstream determined this is a low-priority issue"
}

Ubuntu:22.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.81.0-1ubuntu1.14

Affected versions

7.*

7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.14",
            "binary_name": "libcurl4-openssl-dev"
        }
    ],
    "priority_reason": "Upstream determined this is a low-priority issue"
}

Ubuntu:24.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.0-2ubuntu1

Affected versions

8.*

8.2.1-1ubuntu3
8.2.1-1ubuntu3.1
8.4.0-2ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "curl"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "8.5.0-2ubuntu1",
            "binary_name": "libcurl4-openssl-dev"
        }
    ],
    "priority_reason": "Upstream determined this is a low-priority issue"
}