CVE-2023-28322

CVSS V2 None CVSS V3 None

Description

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

Overview

CVE ID
CVE-2023-28322

Assigner
hackerone

Vulnerability Status
PUBLISHED

Published Version
2023-05-26T00:00:00

Last Modified Date
2023-12-22T16:06:14.746366

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

References

Reference URL	Reference Tags
https://hackerone.com/reports/1954658
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/	vendor-advisory
https://security.netapp.com/advisory/ntap-20230609-0009/
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
http://seclists.org/fulldisclosure/2023/Jul/52	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/48	mailing-list
http://seclists.org/fulldisclosure/2023/Jul/47	mailing-list
https://security.gentoo.org/glsa/202310-12	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html	mailing-list

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-28322
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 10:39:52				Added to TrackCVE