CVE-2023-38039
HIGHcurl 7.84.0-8.2.0 - Denial of Service via Unbounded HTTP Response Header Storage
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-38039. PoCs published by Smartkeyss.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-38039, which targets a memory exhaustion vulnerability in curl via excessive HTTP headers. The exploit server sends a large number of headers to exhaust memory, and a monitoring script tracks curl's memory usage during the attack.
Description
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
Exploits (1)
This repository contains a functional exploit for CVE-2023-38039, which targets a memory exhaustion vulnerability in curl via excessive HTTP headers. The exploit server sends a large number of headers to exhaust memory, and a monitoring script tracks curl's memory usage during the attack.
References (15)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H