Main Vulnerability Database Vulnerabilities #VU72337

#VU72337 Allocation of Resources Without Limits or Throttling in cURL - CVE-2023-23916

Published: February 16, 2023 / Updated: May 17, 2023

Vulnerability identifier: #VU72337

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-23916

CWE-ID: CWE-770

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2023-23916.html

#VU72337 Allocation of Resources Without Limits or Throttling in cURL - CVE-2023-23916

Description

Remediation

External links

Please verify you're human