{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-32001", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "REJECTED", "assignerShortName": "hackerone", "dateReserved": "2023-05-01T01:00:12.220Z", "datePublished": "2023-07-26T20:09:57.905Z", "dateUpdated": "2023-08-27T00:02:01.990Z", "dateRejected": "2023-08-27T00:02:01.990Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-08-27T00:02:01.990Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for."}], "id": "CVE-2023-32001", "lastModified": "2023-11-07T04:14:26.753", "metrics": {}, "published": "2023-07-26T21:15:10.037", "references": [], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "curl: fopen race condition", "id": "2222604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222604"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-367", "details": ["This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for.", "A flaw was found in the curl package. This race condition modifies the behavior of symbolic link files in affected components which might be followed instead of overwritten when the condition is met, leading to undesired and potentially destructive behavior."], "name": "CVE-2023-32001", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat JBoss Core Services"}], "public_date": "2023-07-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-32001\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32001\nhttps://curl.se/docs/CVE-2023-32001.html"], "statement": "This issue does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8, and 9.", "threat_severity": "Moderate", "upstream_fix": "curl 8.2.0"}