7.5

CVE-2023-38039

Exploit
When curl retrieves an HTTP response, it stores the incoming headers so that
they can be accessed later via the libcurl headers API.

However, curl did not have a limit in how many or how large headers it would
accept in a response, allowing a malicious server to stream an endless series
of headers and eventually cause curl to run out of heap memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version >= 7.84.0 < 8.3.0
FedoraprojectFedora Version37
FedoraprojectFedora Version38
FedoraprojectFedora Version39
MicrosoftWindows 10 1809 Version < 10.0.17763.5122
MicrosoftWindows 10 21h2 Version < 10.0.19044.3693
MicrosoftWindows 10 22h2 Version < 10.0.19045.3693
MicrosoftWindows 11 21h2 Version < 10.0.22000.2600
MicrosoftWindows 11 22h2 Version < 10.0.22621.2715
MicrosoftWindows 11 23h2 Version < 10.0.22631.2715
MicrosoftWindows Server 2019 Version < 10.0.17763.5122
MicrosoftWindows Server 2022 Version < 10.0.20348.2113
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 62.25% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://security.gentoo.org/glsa/202310-12
Third Party Advisory
https://support.apple.com/kb/HT214036
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/17
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2024/Jan/34
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2024/Jan/37
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2024/Jan/38
Third Party Advisory
Mailing List
https://hackerone.com/reports/2072338
Patch
Third Party Advisory
Exploit
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/
Mailing List
https://security.netapp.com/advisory/ntap-20231013-0005/
Third Party Advisory
https://support.apple.com/kb/HT214057
Third Party Advisory
https://support.apple.com/kb/HT214058
Third Party Advisory
https://support.apple.com/kb/HT214063
Third Party Advisory
https://www.insyde.com/security-pledge/SA-2023064
Third Party Advisory