{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46219", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2023-10-19T01:00:12.854Z", "datePublished": "2023-12-12T01:38:41.376Z", "dateUpdated": "2024-08-02T20:37:40.116Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.\n"}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"version": "8.4.0", "status": "affected", "lessThanOrEqual": "8.4.0", "versionType": "semver"}, {"version": "7.84.0", "status": "unaffected", "lessThan": "7.84.0", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/2236133"}, {"url": "https://curl.se/docs/CVE-2023-46219.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/"}, {"url": "https://www.debian.org/security/2023/dsa-5587"}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0007/"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-12-12T01:38:41.376Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.116Z"}, "title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/2236133", "tags": ["x_transferred"]}, {"url": "https://curl.se/docs/CVE-2023-46219.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5587", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0007/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CB1957F-EDD4-4112-BD94-54D30FDE6E5B", "versionEndExcluding": "8.5.0", "versionStartIncluding": "7.84.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.\n"}, {"lang": "es", "value": "Al guardar datos HSTS en un nombre de archivo excesivamente largo, curl podr\u00eda terminar eliminando todo el contenido, haciendo que las solicitudes posteriores que utilicen ese archivo desconozcan el estado HSTS que de otro modo deber\u00edan usar."}], "id": "CVE-2023-46219", "lastModified": "2024-01-19T16:15:09.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T02:15:06.990", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2023-46219.html"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/2236133"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/"}, {"source": "support@hackerone.com", "url": "https://security.netapp.com/advisory/ntap-20240119-0007/"}, {"source": "support@hackerone.com", "url": "https://www.debian.org/security/2023/dsa-5587"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Daniel Stenberg (patched) and Maksymilian Arciemowicz (reported) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:1316", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-curl-0:8.6.0-3.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2024-03-18T00:00:00Z"}, {"advisory": "RHSA-2024:1316", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:8.6.0-3.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2024-03-18T00:00:00Z"}, {"advisory": "RHSA-2024:1317", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "curl", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2024-03-18T00:00:00Z"}], "bugzilla": {"description": "curl: excessively long file name may lead to unknown HSTS status", "id": "2252034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252034"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-311", "details": ["When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.", "A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack."], "name": "CVE-2023-46219", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "puppet-agent", "product_name": "Red Hat Satellite 6"}], "public_date": "2023-12-06T07:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-46219\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46219\nhttps://curl.se/docs/CVE-2023-46219.html"], "threat_severity": "Moderate", "upstream_fix": "curl 8.5.0"}