CVE-2023-46218
curl: information disclosure by exploiting a mixed case flaw
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
This flaw allows a malicious HTTP server to set "super cookies" in curl that
are then passed back to more origins than what is otherwise allowed or
possible. This allows a site to set cookies that then would get sent to
different and unrelated sites and domains.
It could do this by exploiting a mixed case flaw in curl's function that
verifies a given cookie domain against the Public Suffix List (PSL). For
example a cookie could be set with `domain=co.UK` when the URL used a lower
case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
Esta falla permite que un servidor HTTP malicioso establezca "supercookies" en curl que luego se devuelven a más orígenes de los que están permitidos o son posibles. Esto permite que un sitio establezca cookies que luego se enviarán a sitios y dominios diferentes y no relacionados. Podría hacer esto explotando una falla de mayúsculas y minúsculas en la función de curl que verifica un dominio de cookie determinado con Public Suffix List (PSL). Por ejemplo, una cookie podría configurarse con `domain=co.UK` cuando la URL utilizaba un nombre de host en minúscula `curl.co.uk`, aunque `co.uk` aparezca como un dominio PSL.
A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set "super cookies" in curl that are passed back to more origins than what is otherwise allowed or possible.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-19 CVE Reserved
- 2023-12-07 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-201: Insertion of Sensitive Information Into Sent Data
CAPEC
References (9)
URL | Date | SRC |
---|---|---|
https://hackerone.com/reports/2212193 | 2024-08-02 |
URL | Date | SRC |
---|---|---|
https://curl.se/docs/CVE-2023-46218.html | 2024-01-25 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-46218 | 2024-05-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2252030 | 2024-05-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | >= 7.46.0 <= 8.4.0 Search vendor "Haxx" for product "Curl" and version " >= 7.46.0 <= 8.4.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
|