PRIOn knowledge base: PRION:CVE-2023-38039
History: Sep 15, 2023 - 4:15 a.m.

Design/Logic Flaw

2023-09-15 04:15:00
PRIOn knowledge base (www.prio-n.com)
Tags: curl, http response, header handling, malicious server, memory limit, nvd

AI Score: 7.3 High (Confidence: High)
EPSS: 0.009 Low (Percentile: 83.1%)

When curl retrieves an HTTP response, it stores the incoming headers so that
they can be accessed later via the libcurl headers API.

However, curl did not limit how many headers, or how large a header, it would
accept in a response, allowing a malicious server to stream an endless series
of headers and eventually cause curl to run out of heap memory.
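
The missing bound described above, sketched as a header store that caps both the number of stored headers and their total size. This is an added example, not curl's code; the two limits and all names (`hdr_push`, `hdr_store`, `simulate_endless_headers`) are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed caps for this example; the page does not state curl's values. */
#define MAX_HEADER_COUNT 1000
#define MAX_HEADER_BYTES (300 * 1024)

enum hdr_result { HDR_OK, HDR_TOO_MANY, HDR_TOO_LARGE, HDR_NOMEM };
struct hdr_node { struct hdr_node *next; char line[]; };
struct hdr_store { struct hdr_node *head, *tail; size_t count, bytes; };

/* Store one header line, refusing once either cap would be exceeded. */
enum hdr_result hdr_push(struct hdr_store *s, const char *line, size_t len)
{
    struct hdr_node *n;
    if (s->count >= MAX_HEADER_COUNT) return HDR_TOO_MANY;
    /* Subtract instead of add so a huge len cannot wrap the sum. */
    if (len > MAX_HEADER_BYTES - s->bytes) return HDR_TOO_LARGE;
    if (!(n = malloc(sizeof *n + len + 1))) return HDR_NOMEM;
    memcpy(n->line, line, len);
    n->line[len] = '\0';
    n->next = NULL;
    if (s->tail) s->tail->next = n; else s->head = n;
    s->tail = n;
    s->count++; s->bytes += len;
    return HDR_OK;
}

void hdr_free(struct hdr_store *s)
{
    while (s->head) { struct hdr_node *n = s->head; s->head = n->next; free(n); }
    s->tail = NULL; s->count = s->bytes = 0;
}

/* Constructed input: a peer that repeats one header line forever.
   Returns how many lines were stored before refusal; *why names the cap hit. */
size_t simulate_endless_headers(size_t line_len, enum hdr_result *why)
{
    struct hdr_store s = {0};
    size_t stored;
    char *line = malloc(line_len + 1);
    if (!line) { *why = HDR_NOMEM; return 0; }
    memset(line, 'A', line_len);
    do { *why = hdr_push(&s, line, line_len); } while (*why == HDR_OK);
    stored = s.count;
    hdr_free(&s); free(line);
    return stored;
}
```

With these assumed caps, a stream of 32-byte lines is cut off by the count limit and a stream of 4096-byte lines by the byte limit, so heap use stays bounded either way.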

CPE Name    Operator    Version
fedora      eq          37
fedora      eq          38
fedora      eq          39
curl        ge          7.84.0
curl        lt          8.3.0