CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0853 – OCSP verification bypass with TLS session reuse
https://notcve.org/view.php?id=CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. curl inadvertidamente mantuvo el ID de sesión SSL para las conexiones en su caché incluso cuando falló la prueba de verificación del estado (*OCSP stapling*). Una transferencia posterior al mismo nombre de host podría tener éxito si la caché de ID de sesión aún estuviera actualizada, lo que luego omitiría la verificación de estado de verificación. • https://curl.se/docs/CVE-2024-0853.html https://curl.se/docs/CVE-2024-0853.json https://hackerone.com/reports/2298922 https://security.netapp.com/advisory/ntap-20240307-0004 https://security.netapp.com/advisory/ntap-20240426-0009 https://security.netapp.com/advisory/ntap-20240503-0012 • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46219 – curl: excessively long file name may lead to unknown HSTS status
https://notcve.org/view.php?id=CVE-2023-46219
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Al guardar datos HSTS en un nombre de archivo excesivamente largo, curl podría terminar eliminando todo el contenido, haciendo que las solicitudes posteriores que utilicen ese archivo desconozcan el estado HSTS que de otro modo deberían usar. A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack. • https://curl.se/docs/CVE-2023-46219.html https://hackerone.com/reports/2236133 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD https://security.netapp.com/advisory/ntap-20240119-0007 https://www.debian.org/security/2023/dsa-5587 https://access.redhat.com/security/cve/CVE-2023-46219 https://bugzilla.redhat.com/show_bug.cgi?id=2252034 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46218 – curl: information disclosure by exploiting a mixed case flaw
https://notcve.org/view.php?id=CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. Esta falla permite que un servidor HTTP malicioso establezca "supercookies" en curl que luego se devuelven a más orígenes de los que están permitidos o son posibles. Esto permite que un sitio establezca cookies que luego se enviarán a sitios y dominios diferentes y no relacionados. • https://curl.se/docs/CVE-2023-46218.html https://hackerone.com/reports/2212193 https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD https://security.netapp.com/advisory/ntap-20240125-0007 https://www.debian.org/security/2023/dsa-5587 https://access.redhat • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 2CVE-2023-38039 – curl: out of heap memory issue due to missing limit on header quantity
https://notcve.org/view.php?id=CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. Cuando curl recupera una respuesta HTTP, almacena los encabezados entrantes para que se pueda acceder a ellos más tarde a través de la API de encabezados libcurl. Sin embargo, curl no tenía un límite en cuanto a la cantidad o el tamaño de encabezados que aceptaría en una respuesta, lo que permitía que un servidor malicioso transmitiera una serie interminable de encabezados y, finalmente, provocara que curl se quedara sin memoria dinámica. A flaw was found in the Curl package. Curl allows a malicious server to stream an endless series of headers to a client due to missing limit on header quantity, eventually causing curl to run out of heap memory, which may lead to a crash. • https://github.com/Smartkeyss/CVE-2023-38039 http://seclists.org/fulldisclosure/2023/Oct/17 http://seclists.org/fulldisclosure/2024/Jan/34 http://seclists.org/fulldisclosure/2024/Jan/37 http://seclists.org/fulldisclosure/2024/Jan/38 https://hackerone.com/reports/2072338 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-19909
https://notcve.org/view.php?id=CVE-2020-19909
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. Vulnerabilidad de desbordamiento de enteros en "tool_operate.c" en curl v7.65.2 a través de un valor grande como retardo de reintento. NOTA: muchas partes informan de que esto no tiene un impacto directo en la seguridad del usuario de curl: sin embargo, puede (en teoría) causar una denegación de servicio a sistemas o redes asociados si, por ejemplo, --retry-delay se malinterpreta como un valor mucho menor del que se pretendía. • https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves https://github.com/curl/curl/pull/4166 • CWE-190: Integer Overflow or Wraparound •