A flaw was found in the Curl package. Curl allows a malicious server to stream an endless series of headers to a client due to missing limit on header quantity, eventually causing curl to run out of heap memory, which may lead to a crash.

References

bugzilla.redhat.com/show_bug.cgi?id=2239135

curl.se/docs/CVE-2023-38039.html

nvd.nist.gov/vuln/detail/CVE-2023-38039

www.cve.org/CVERecord?id=CVE-2023-38039

cve 1

nessus 28

osv 2

openvas 12

fedora 3

hackerone 2

freebsd 1

cbl_mariner 3

cvelist 1

mscve 1

slackware 1

veracode 1

ibm 10

amazon 1

kaspersky 2

debiancve 1

ubuntucve 1

alpinelinux 1

prion 1

nvd 1

ubuntu 1

photon 3

apple 3

mageia 1

redhat 2

gentoo 1

ics 2

mskb 5

oracle 3

cve

CVE-2023-38039

2023-09-15 04:15:10

nessus

Ubuntu 23.04 : curl vulnerability (USN-6363-1)

2023-09-13 00:00:00

Amazon Linux 2 : curl (ALAS-2023-2271)

2023-10-05 00:00:00

Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039)

2023-09-14 00:00:00

osv

CVE-2023-38039

2023-09-15 04:15:10

HTTP headers eat all memory

2023-09-13 08:00:00

openvas

Ubuntu: Security Advisory (USN-6363-1)

2023-09-14 00:00:00

openSUSE: Security Advisory for curl (SUSE-SU-2023:3823-1)

2024-03-04 00:00:00

Slackware: Security Advisory (SSA:2023-256-01)

2023-09-14 00:00:00

fedora

[SECURITY] Fedora 38 Update: curl-8.0.1-4.fc38

2023-09-16 01:29:15

[SECURITY] Fedora 39 Update: curl-8.2.1-2.fc39

2023-09-26 00:19:05

[SECURITY] Fedora 37 Update: curl-7.85.0-11.fc37

2023-09-26 01:33:43

hackerone

curl: CVE-2023-38039: HTTP header allocation DOS

2023-07-17 12:43:20

Internet Bug Bounty: [curl] CVE-2023-38039: HTTP header allocation DOS

2023-09-13 14:52:07

freebsd

curl -- HTTP headers eat all memory

2023-09-13 00:00:00

cbl_mariner

CVE-2023-38039 affecting package curl for versions less than 8.3.0-1

2023-10-11 01:41:59

CVE-2023-38039 affecting package mysql for versions less than 8.0.35-1

2023-11-30 20:33:05

CVE-2023-38039 affecting package tensorflow for versions less than 2.16.1-1

2024-04-17 22:02:46

cvelist

CVE-2023-38039

2023-09-15 03:21:54

mscve

Hackerone: CVE-2023-38039 HTTP headers eat all memory

2023-10-19 07:00:00

slackware

[slackware-security] curl

2023-09-14 02:14:25

veracode

Denial Of Service (DoS)

2023-10-02 20:08:01

ibm

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl. (CVE-2023-38039)

2023-12-06 13:46:44

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the MQ clients and CCDT files are vulnerable to denial of service due to [CVE-2023-38039]

2023-12-14 10:45:03

Security Bulletin: IBM MQ is affected by a vulnerability in libcURL

2023-10-31 17:29:31

amazon

Important: curl

2023-09-27 22:48:00

kaspersky

KLA61542 PE vulnerability in Microsoft Mariner

2023-10-19 00:00:00

KLA61541 Multiple vulnerabilities in Microsoft Windows

2023-10-19 00:00:00

debiancve

CVE-2023-38039

2023-09-15 04:15:10

ubuntucve

CVE-2023-38039

2023-09-13 00:00:00

alpinelinux

CVE-2023-38039

2023-09-15 04:15:10

prion

Design/Logic Flaw

2023-09-15 04:15:00

nvd

CVE-2023-38039

2023-09-15 04:15:10

ubuntu

curl vulnerability

2023-09-13 00:00:00

photon

Important Photon OS Security Update - PHSA-2023-5.0-0095

2023-09-14 00:00:00

Important Photon OS Security Update - PHSA-2023-4.0-0471

2023-09-14 00:00:00

Important Photon OS Security Update - PHSA-2023-3.0-0650

2023-09-15 00:00:00

apple

About the security content of macOS Monterey 12.7.3

2024-01-22 00:00:00

About the security content of macOS Ventura 13.6.4

2024-01-22 00:00:00

About the security content of macOS Sonoma 14.2

2023-12-11 00:00:00

mageia

Updated curl packages fix security vulnerability

2023-09-25 01:16:18

redhat

(RHSA-2023:7625) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update

2023-12-07 13:41:37

(RHSA-2023:7626) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update

2023-12-07 13:53:17

gentoo

curl: Multiple Vulnerabilities

2023-10-11 00:00:00

ics

Siemens SIMATIC RTLS Locating Manager

2024-05-16 12:00:00

Siemens SINEC NMS

2024-02-15 12:00:00

mskb

November 14, 2023—KB5032189 (OS Builds 19044.3693 and 19045.3693)

2024-02-20 08:00:00

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)

2024-02-20 08:00:00

November 14, 2023—KB5032196 (OS Build 17763.5122)

2024-02-20 08:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for RH:CVE-2023-38039