Main Vulnerability Database Vulnerabilities #VU81863

#VU81863 External control of file name or path in cURL - CVE-2023-38546

Published: October 11, 2023 / Updated: April 12, 2024

Vulnerability identifier: #VU81863

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-38546

CWE-ID: CWE-73

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows an attacker to inject arbitrary cookies into request.

The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2023-38546.html

#VU81863 External control of file name or path in cURL - CVE-2023-38546

Description

Remediation

External links

Please verify you're human