When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of
the HSTS status they should otherwise use.
References
Link | Resource |
---|---|
https://curl.se/docs/CVE-2023-46219.html | Vendor Advisory |
https://hackerone.com/reports/2236133 | Exploit Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/ | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240119-0007/ | |
https://www.debian.org/security/2023/dsa-5587 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2023-12-12T01:38:41.376Z
Updated: 2023-12-12T01:38:41.376Z
Reserved: 2023-10-19T01:00:12.854Z
Link: CVE-2023-46219
JSON object: View
NVD Information
Status : Modified
Published: 2023-12-12T02:15:06.990
Modified: 2024-01-19T16:15:09.430
Link: CVE-2023-46219
JSON object: View
Redhat Information
No data.
CWE