CVE-2023-28322 - Vulnerability Details

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Macos
Fedoraproject	Fedora
Haxx	Curl
Netapp	Clustered Data Ontap H300s H300s Firmware H410s H410s Firmware H500s H500s Firmware H700s H700s Firmware Ontap Antivirus Connector
Redhat	Enterprise Linux Jboss Core Services Logging Rhel Eus

Configuration 1 [-]

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

Configuration 4 [-]

OR	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:ontap_antivirus_connector:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
JBoss Core Services for RHEL 8
jbcs-httpd24-curl-0:8.2.1-1.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2023:4629	2023-08-15T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-curl-0:8.2.1-1.el7jbcs	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2023:4629	2023-08-15T00:00:00Z
Red Hat Enterprise Linux 8
curl-0:7.61.1-33.el8_9.5	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:1601	2024-04-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
curl-0:7.61.1-22.el8_6.12	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:0428	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
curl-0:7.61.1-30.el8_8.9	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:0585	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
curl-0:7.76.1-23.el9_2.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:4354	2023-08-01T00:00:00Z
curl-0:7.76.1-23.el9_2.2	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:4354	2023-08-01T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
curl-0:7.76.1-14.el9_0.7	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:5598	2023-10-10T00:00:00Z
RHOL-5.6-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.6.18-16	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.6.18-7	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-409	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.6.18-16	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-481	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.6.18-7	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-246	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-216	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-430	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-226	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-472	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-16	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.6.18-3	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.6.18-30	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.6.18-12	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-528	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-226	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.21.0-127	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.7.13-16	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-408	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.7.13-19	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-248	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-215	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-431	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-471	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-15	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.7.13-3	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.7.13-27	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.7.13-12	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-527	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-225	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.28.1-57	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
Text-Only JBCS
curl	cpe:/a:redhat:jboss_core_services:1	RHSA-2023:4628	2023-08-15T00:00:00Z

References

Link	Providers
http://seclists.org/fulldisclosure/2023/Jul/47
http://seclists.org/fulldisclosure/2023/Jul/48
http://seclists.org/fulldisclosure/2023/Jul/52
https://curl.se/docs/CVE-2023-28322.html
https://hackerone.com/reports/1954658
https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
https://nvd.nist.gov/vuln/detail/CVE-2023-28322
https://security.gentoo.org/glsa/202310-12
https://security.netapp.com/advisory/ntap-20230609-0009/
https://support.apple.com/kb/HT213843
https://support.apple.com/kb/HT213844
https://support.apple.com/kb/HT213845
https://www.cve.org/CVERecord?id=CVE-2023-28322

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2023-05-26T00:00:00

Updated: 2024-08-02T12:38:25.091Z

Reserved: 2023-03-14T00:00:00

Link: CVE-2023-28322

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-26T21:15:16.153

Modified: 2024-11-21T07:54:50.347

Link: CVE-2023-28322

Redhat

Severity : Low

Publid Date: 2023-05-17T00:00:00Z

Links: CVE-2023-28322 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-28322", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2024-08-02T12:38:25.091Z", "dateReserved": "2023-03-14T00:00:00", "datePublished": "2023-05-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-12-22T16:06:14.746366"}, "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST."}], "affected": [{"vendor": "n/a", "product": "https://github.com/curl/curl", "versions": [{"version": "Fixed in 8.1.0", "status": "affected"}]}], "references": [{"url": "https://hackerone.com/reports/1954658"}, {"name": "FEDORA-2023-37eac50e9b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"}, {"name": "FEDORA-2023-8ed627bb04", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"}, {"url": "https://security.netapp.com/advisory/ntap-20230609-0009/"}, {"url": "https://support.apple.com/kb/HT213843"}, {"url": "https://support.apple.com/kb/HT213844"}, {"url": "https://support.apple.com/kb/HT213845"}, {"name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}, {"name": "GLSA-202310-12", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-12"}, {"name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Information Disclosure (CWE-200)", "cweId": "CWE-200"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.091Z"}, "title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1954658", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-37eac50e9b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"}, {"name": "FEDORA-2023-8ed627bb04", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"}, {"url": "https://security.netapp.com/advisory/ntap-20230609-0009/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213843", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213844", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213845", "tags": ["x_transferred"]}, {"name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}, {"name": "GLSA-202310-12", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202310-12"}, {"name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "376FCCEF-74BD-4A99-8A1E-B70A83D89E71", "versionEndExcluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475", "versionEndExcluding": "11.7.9", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B763A1F-C183-4728-B593-67558FD9FC36", "versionEndExcluding": "12.6.8", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627", "versionEndExcluding": "13.5", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "759D1A24-B23B-404E-AD39-F18D7DBAD501", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST."}], "id": "CVE-2023-28322", "lastModified": "2024-11-21T07:54:50.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-26T21:15:16.153", "references": [{"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://hackerone.com/reports/1954658"}, {"source": "support@hackerone.com", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"}, {"source": "support@hackerone.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"}, {"source": "support@hackerone.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-12"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213843"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213844"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://hackerone.com/reports/1954658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213845"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Daniel Stenberg and Hiroki Kurosawa for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:4629", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-curl-0:8.2.1-1.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2023-08-15T00:00:00Z"}, {"advisory": "RHSA-2023:4629", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:8.2.1-1.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2023-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:1601", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "curl-0:7.61.1-33.el8_9.5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:0428", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "curl-0:7.61.1-22.el8_6.12", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0585", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "curl-0:7.61.1-30.el8_8.9", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:4354", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "curl-0:7.76.1-23.el9_2.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-01T00:00:00Z"}, {"advisory": "RHSA-2023:4354", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "curl-0:7.76.1-23.el9_2.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-08-01T00:00:00Z"}, {"advisory": "RHSA-2023:5598", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "curl-0:7.76.1-14.el9_0.7", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-10-10T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/cluster-logging-operator-bundle:v5.6.18-16", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/cluster-logging-rhel8-operator:v5.6.18-7", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch6-rhel8:v6.8.1-409", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-operator-bundle:v5.6.18-16", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-481", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/elasticsearch-rhel8-operator:v5.6.18-7", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/eventrouter-rhel8:v0.4.0-246", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/fluentd-rhel8:v1.14.6-216", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/kibana6-rhel8:v6.8.1-430", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-226", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-curator5-rhel8:v5.8.1-472", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-loki-rhel8:v2.9.6-16", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-view-plugin-rhel8:v5.6.18-3", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/loki-operator-bundle:v5.6.18-30", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/loki-rhel8-operator:v5.6.18-12", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/lokistack-gateway-rhel8:v0.1.0-528", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/opa-openshift-rhel8:v0.1.0-226", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2092", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/vector-rhel8:v0.21.0-127", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/cluster-logging-operator-bundle:v5.7.13-16", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/elasticsearch6-rhel8:v6.8.1-408", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/elasticsearch-operator-bundle:v5.7.13-19", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/eventrouter-rhel8:v0.4.0-248", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/fluentd-rhel8:v1.14.6-215", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/kibana6-rhel8:v6.8.1-431", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/logging-curator5-rhel8:v5.8.1-471", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/logging-loki-rhel8:v2.9.6-15", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/logging-view-plugin-rhel8:v5.7.13-3", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/loki-operator-bundle:v5.7.13-27", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/loki-rhel8-operator:v5.7.13-12", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/lokistack-gateway-rhel8:v0.1.0-527", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/opa-openshift-rhel8:v0.1.0-225", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2093", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/vector-rhel8:v0.28.1-57", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2023:4628", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "curl", "product_name": "Text-Only JBCS", "release_date": "2023-08-15T00:00:00Z"}], "bugzilla": {"description": "curl: more POST-after-PUT confusion", "id": "2196793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-440", "details": ["An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application."], "name": "CVE-2023-28322", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:3.1", "fix_state": "Out of support scope", "package_name": "rh-dotnet31-curl", "product_name": ".NET Core 3.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28322\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28322\nhttps://curl.se/docs/CVE-2023-28322.html"], "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object