CVE-2023-46219
Medium
Vulnerability Description
When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of
the HSTS status they should otherwise use.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Known Affected Software
1 configuration(s) from 1 vendor(s)
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
2024-Dec-CVE-2023-46219
CVE-2023-46219: None
2024-Oct-CVE-2023-46219
CVE-2023-46219: None
2023-Dec-CVE-2023-46219
CVE-2023-46219: When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use.
2024-Nov-CVE-2023-46219
CVE-2023-46219: None
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
References & Resources
- https://curl.se/docs/CVE-2023-46219.html (support@hackerone.com, Vendor Advisory)
- https://hackerone.com/reports/2236133 (support@hackerone.com, Exploit, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/ (support@hackerone.com, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20240119-0007/ (support@hackerone.com)
- https://www.debian.org/security/2023/dsa-5587 (support@hackerone.com)
- https://curl.se/docs/CVE-2023-46219.html (af854a3a-2127-422b-91ae-364da2661108, Vendor Advisory)
- https://hackerone.com/reports/2236133 (af854a3a-2127-422b-91ae-364da2661108, Exploit, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/ (af854a3a-2127-422b-91ae-364da2661108)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/ (af854a3a-2127-422b-91ae-364da2661108, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20240119-0007/ (af854a3a-2127-422b-91ae-364da2661108)
- https://www.debian.org/security/2023/dsa-5587 (af854a3a-2127-422b-91ae-364da2661108)
Severity Details
Weakness Type (CWE)
Missing Encryption of Sensitive Data
- Description: The product does not encrypt sensitive or critical information before storage or transmission.
- Exploit Likelihood: High
- Typical Severity: Medium
- Abstraction Level: Class
Key Information
- Published Date: December 12, 2023
