CVE-2023-28322
Last modified
CVE-2023-28322 is a low-severity vulnerability rated 3.7/10 on the CVSS scale. An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. EPSS estimates a 2.21% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | < 8.1.0 |
| Fedoraproject | Fedora | 37 |
| Fedoraproject | Fedora | 38 |
| Apple | Macos | >= 11.0, < 11.7.9 |
| Apple | Macos | >= 12.0, < 12.6.8 |
| Apple | Macos | >= 13.0, < 13.5 |
| Netapp | Clustered Data Ontap | All versions |
| Netapp | Ontap Antivirus Connector | All versions |
| Netapp | H300s Firmware | All versions |
| Netapp | H500s Firmware | All versions |
| Netapp | H700s Firmware | All versions |
| Netapp | H410s Firmware | All versions |
References
- http://seclists.org/fulldisclosure/2023/Jul/47Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jul/48Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jul/52Mailing List, Third Party Advisory
- https://hackerone.com/reports/1954658Exploit, Patch, Third Party Advisory
- https://security.gentoo.org/glsa/202310-12Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230609-0009/Third Party Advisory
- https://support.apple.com/kb/HT213843Third Party Advisory
- https://support.apple.com/kb/HT213844Third Party Advisory
- https://support.apple.com/kb/HT213845Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jul/47Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jul/48Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2023/Jul/52Mailing List, Third Party Advisory
- https://hackerone.com/reports/1954658Exploit, Patch, Third Party Advisory
- https://security.gentoo.org/glsa/202310-12Third Party Advisory
- https://security.netapp.com/advisory/ntap-20230609-0009/Third Party Advisory
- https://support.apple.com/kb/HT213843Third Party Advisory
- https://support.apple.com/kb/HT213844Third Party Advisory
- https://support.apple.com/kb/HT213845Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28322?
How severe is CVE-2023-28322?
How do I fix CVE-2023-28322?
Are you affected by CVE-2023-28322?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST