CVE-2023-27537

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

*Credits: N/A

CVSS Scores

NISTv3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-03-02 CVE Reserved
2023-03-30 CVE Published
2024-08-02 CVE Updated
2024-08-02 First Exploit
2024-11-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-415: Double Free

CAPEC

References (3)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20230420-0010	Third Party Advisory

URL	Date	SRC
https://hackerone.com/reports/1897203	2024-08-02

URL	Date	SRC

URL	Date	SRC
https://security.gentoo.org/glsa/202310-12	2024-03-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	H300s Firmware Search vendor "Netapp" for product "H300s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300s Search vendor "Netapp" for product "H300s"	-	-	Safe
Netapp Search vendor "Netapp"	H500s Firmware Search vendor "Netapp" for product "H500s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500s Search vendor "Netapp" for product "H500s"	-	-	Safe
Netapp Search vendor "Netapp"	H700s Firmware Search vendor "Netapp" for product "H700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700s Search vendor "Netapp" for product "H700s"	-	-	Safe
Netapp Search vendor "Netapp"	H410s Firmware Search vendor "Netapp" for product "H410s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410s Search vendor "Netapp" for product "H410s"	-	-	Safe
Haxx Search vendor "Haxx"		Libcurl Search vendor "Haxx" for product "Libcurl"				7.88.0 Search vendor "Haxx" for product "Libcurl" and version "7.88.0"		-		Affected
Haxx Search vendor "Haxx"		Libcurl Search vendor "Haxx" for product "Libcurl"				7.88.1 Search vendor "Haxx" for product "Libcurl" and version "7.88.1"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.0 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.0"		-		Affected
Broadcom Search vendor "Broadcom"		Brocade Fabric Operating System Firmware Search vendor "Broadcom" for product "Brocade Fabric Operating System Firmware"				-		-		Affected
Splunk Search vendor "Splunk"		Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder"				>= 8.2.0 < 8.2.12 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12"		-		Affected
Splunk Search vendor "Splunk"		Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder"				>= 9.0.0 < 9.0.6 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6"		-		Affected
Splunk Search vendor "Splunk"		Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder"				9.1.0 Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0"		-		Affected