Main Vulnerability Database Vulnerabilities #VU78540

#VU78540 Time-of-check Time-of-use (TOCTOU) Race Condition in cURL - CVE-2023-32001

Published: July 21, 2023

Vulnerability identifier: #VU78540

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-32001

CWE-ID: CWE-367

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a local users to escalate privileges on the system.

The vulnerability exists due to a race condition when calling fopen() on STS and/or alt-svc data to files. A local user can create or rename directory entries in the directory the victim saves their files and abuse the symbolic link behavior to overwrite arbitrary files on the system.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2023-32001.html

#VU78540 Time-of-check Time-of-use (TOCTOU) Race Condition in cURL - CVE-2023-32001

Description

Remediation

External links

Please verify you're human