Vulnerability Name: | CVE-2023-28319 (CCN-255616) | ||||||||||||
Assigned: | 2023-05-17 | ||||||||||||
Published: | 2023-05-17 | ||||||||||||
Updated: | 2023-08-02 | ||||||||||||
Summary: | cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw in SSH sha256 fingerprint check. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive heap-based data from the error message, and use this information to launch further attacks against the affected system. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N)
| ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2023-28319 Source: support@hackerone.com Type: Mailing List support@hackerone.com Source: support@hackerone.com Type: Mailing List support@hackerone.com Source: support@hackerone.com Type: Mailing List support@hackerone.com Source: CCN Type: Project curl Security Advisory, May 17 2023 CVE-2023-28319 UAF in SSH sha256 fingerprint check Source: XF Type: UNKNOWN curl-cve202328319-info-disc(255616) Source: support@hackerone.com Type: Exploit, Patch, Third Party Advisory support@hackerone.com Source: CCN Type: oss-sec Mailing List, Wed, 17 May 2023 08:40:59 +0200 (CEST) curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com Source: support@hackerone.com Type: Third Party Advisory support@hackerone.com | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |