7.5
CVE-2023-38039
- EPSS 62.25%
- Veröffentlicht 15.09.2023 04:15:10
- Zuletzt bearbeitet 02.12.2025 20:15:46
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.5122
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.3693
Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.3693
Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.2600
Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.2715
Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.2715
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.5122
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2113
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 62.25% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://security.gentoo.org/glsa/202310-12
https://support.apple.com/kb/HT214036
http://seclists.org/fulldisclosure/2023/Oct/17
http://seclists.org/fulldisclosure/2024/Jan/34
http://seclists.org/fulldisclosure/2024/Jan/37
http://seclists.org/fulldisclosure/2024/Jan/38
https://hackerone.com/reports/2072338
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/
https://security.netapp.com/advisory/ntap-20231013-0005/
https://support.apple.com/kb/HT214057
https://support.apple.com/kb/HT214058
https://support.apple.com/kb/HT214063
https://www.insyde.com/security-pledge/SA-2023064