CVE-2023-28322

LOW

curl < 8.1.0 - Information Disclosure via Reused Handle PUT-to-POST Transition

Title source: llm

Description

An information disclosure vulnerability exists in curl < v8.1.0: when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle was previously used to issue a `PUT` request that used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

References (12)

Core References
Exploit, Patch, Third Party Advisory
https://hackerone.com/reports/1954658
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jul/52
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jul/48
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jul/47
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202310-12

Scores

CVSS v3 3.7
EPSS 0.0063
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (10)
apple/macos 11.0 - 11.7.9
fedoraproject/fedora 37
fedoraproject/fedora 38
haxx/curl < 8.1.0
netapp/clustered_data_ontap
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
netapp/ontap_antivirus_connector
Published May 26, 2023
Tracked Since Feb 18, 2026