CVE-2023-46219

MEDIUM

curl - Info Disclosure

Title source: llm

Description

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

References (6)

[Vendor Advisory] https://curl.se/docs/CVE-2023-46219.html

[Exploit, Third Party Advisory] https://hackerone.com/reports/2236133

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/

[Third Party Advisory] https://www.debian.org/security/2023/dsa-5587

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20240119-0007/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/

Scores

CVSS v3 5.3

EPSS 0.0020

EPSS Percentile 42.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (2)

fedoraproject/fedora 38

haxx/curl 7.84.0 - 8.5.0

Published Dec 12, 2023

Tracked Since Feb 18, 2026