Skip to main content

Curl CVE-2023-28319

HIGH
Use After Free (CWE-416)
2023-05-26 support@hackerone.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 26, 2023 - 21:15 nvd
HIGH 7.5

DescriptionNVD

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.

AnalysisAI

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. Affected products include: Haxx Curl, Apple Macos, Netapp Clustered Data Ontap, Netapp Ontap Antivirus Connector, Netapp H300S Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

More in Curl

View all
CVE-2013-0249 HIGH POC
7.5 Mar 08

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7

CVE-2015-3145 HIGH
7.5 Apr 24

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which

CVE-2022-32221 CRITICAL POC
9.8 Dec 05

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t

CVE-2022-32207 CRITICAL POC
9.8 Jul 07

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the

CVE-2018-0500 CRITICAL POC
9.8 Jul 11

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that mig

CVE-2023-23914 CRITICAL POC
9.1 Feb 23

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functional

CVE-2023-27534 HIGH POC
8.8 Mar 30

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly re

CVE-2023-27533 HIGH POC
8.8 Mar 30

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an atta

CVE-2025-0665 HIGH POC
7.0 Feb 05

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, cau

CVE-2022-27778 HIGH POC
8.1 Jun 02

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used

CVE-2021-22901 HIGH POC
8.1 Jun 11

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when

CVE-2020-8177 HIGH POC
7.8 Dec 14

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to

Share

CVE-2023-28319 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy