CVE-2023-46219

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Jan 19, 2024

CWE ID 311

Summary

CVE-2023-46219 is a vulnerability affecting the curl software when handling HSTS (HTTP Strict Transport Security) data. If a file name saving this data becomes excessively long, curl may inadvertently erase the previous file contents. This issue could lead to unawareness of the HSTS status during subsequent requests, potentially exposing users to man-in-the-middle attacks or other security risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Haxx Curl
Fedora Operating System

Affected Vendors

Fedora Project
Haxx

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tD73x_
https://www.cve.org/CVERecord?id=CVE-2023-46219
https://nvd.nist.gov/vuln/detail/CVE-2023-46219

Back to Vulnerability Database