An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2023/Jul/47 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2023/Jul/48 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2023/Jul/52 | Mailing List Third Party Advisory |
https://hackerone.com/reports/1954658 | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/ | |
https://security.gentoo.org/glsa/202310-12 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230609-0009/ | Third Party Advisory |
https://support.apple.com/kb/HT213843 | Third Party Advisory |
https://support.apple.com/kb/HT213844 | Third Party Advisory |
https://support.apple.com/kb/HT213845 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
22 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 04:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Oct 2023, 21:05
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202310-12 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jul/47 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jul/48 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jul/52 - Mailing List, Third Party Advisory |
11 Oct 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2023, 16:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://support.apple.com/kb/HT213843 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213844 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jul/52 - Mailing List | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jul/47 - Mailing List | |
References | (CONFIRM) https://support.apple.com/kb/HT213845 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jul/48 - Mailing List | |
First Time |
Netapp h700s
Netapp ontap Antivirus Connector Netapp clustered Data Ontap Netapp h700s Firmware Netapp h300s Apple Apple macos Netapp h300s Firmware Netapp h410s Netapp h410s Firmware Netapp h500s Firmware Netapp Netapp h500s |
25 Jul 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jun 2023, 16:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.7 |
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230609-0009/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/ - Mailing List, Third Party Advisory |
09 Jun 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jun 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jun 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2023, 18:25
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
References | (MISC) https://hackerone.com/reports/1954658 - Exploit, Patch, Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
First Time |
Haxx
Haxx curl |
|
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* |
26 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-26 21:15
Updated : 2023-12-22 16:15
NVD link : CVE-2023-28322
Mitre link : CVE-2023-28322
CVE.ORG link : CVE-2023-28322
JSON object : View
Products Affected
netapp
- h700s_firmware
- h700s
- h300s_firmware
- h410s
- h500s_firmware
- ontap_antivirus_connector
- h410s_firmware
- h500s
- clustered_data_ontap
- h300s
apple
- macos
fedoraproject
- fedora
haxx
- curl
CWE