[email protected]CVE-2023-38039

HistorySep 15, 2023 - 4:15 a.m.

CVE-2023-38039

2023-09-1504:15:10

CWE-770

[email protected]

web.nvd.nist.gov

343

cve-2023-38039

curl

http response

libcurl

headers api

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

When curl retrieves an HTTP response, it stores the incoming headers so that
they can be accessed later via the libcurl headers API.

However, curl did not have a limit in how many or how large headers it would
accept in a response, allowing a malicious server to stream an endless series
of headers and eventually cause curl to run out of heap memory.

Affected configurations

NVD

Node

haxxcurlRange7.84.0–8.3.0

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

Node

microsoftwindows_10_1809Range<10.0.17763.5122

microsoftwindows_10_21h2Range<10.0.19044.3693

microsoftwindows_10_22h2Range<10.0.19045.3693

microsoftwindows_11_21h2Range<10.0.22000.2600

microsoftwindows_11_22h2Range<10.0.22621.2715

microsoftwindows_11_23h2Range<10.0.22631.2715

microsoftwindows_server_2019Range<10.0.17763.5122

microsoftwindows_server_2022Range<10.0.20348.2113

CNA Affected

[
  {
    "vendor": "curl",
    "product": "curl",
    "versions": [
      {
        "version": "8.3.0",
        "status": "affected",
        "lessThan": "8.3.0",
        "versionType": "semver"
      },
      {
        "version": "7.84.0",
        "status": "unaffected",
        "lessThan": "7.84.0",
        "versionType": "semver"
      }
    ]
  }
]