Cookie Injection

🗓️ 12 Oct 2023 08:53:47Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 43 Views

libcurl.so vulnerability in Cookie Injection due to lack of validation in `curl_easy_duphandle` functio

Reporter	Title	Published	Views	Family All 300
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)	20 Nov 202315:27	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)	14 Nov 202322:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, Linux kernel might affect IBM Spectrum Protect Plus	24 Sep 202405:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, Java SE, IBM GSKit-Crypto, open redirect, buffer overflow condition and golang-fips/openssl vulnerabilities.	30 Apr 202407:19	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of curl, IBM CICS TX Advanced is vulnerable to security restrictions potentially being bypassed (CVE-2023-38546).	13 Feb 202416:21	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX	11 Dec 202320:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management	14 Jun 202416:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8	18 Oct 202407:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	15 Apr 202502:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V	15 Apr 202502:18	–	ibm

Vulners

Node

curl curlMatch7.74.0-1.3+b1debian

AND

curl curlMatch7.72.0-1debian

AND

debian debian_linuxMatch11

curl curlMatch7.64.0-4+deb10u2debian

AND

curl curlMatch7.64.0-4+deb10u1debian

AND

debian debian_linuxMatch10

curl curlMatch7.72.0-1debian

AND

debian debian_linuxMatch999

curl curlMatch7.87.0-r0cpp

AND

curl curlMatch8.1.2-r0cpp

AND

curl curlMatch7.87.0-r1cpp

AND

curl curlMatch7.88.1-r0cpp

AND

curl curlMatch7.87.0-r2cpp

AND

curl curlMatch7.88.1-r1cpp

AND

curl curlMatch7.86.0-r1cpp

AND

curl curlMatch8.1.0-r2cpp

AND

curl curlMatch8.1.1-r1cpp

AND

curl curlMatch8.2.0-r1cpp

AND

curl curlMatch8.2.1-r0cpp

AND

curl curlMatch8.3.0-r0cpp

AND

curl curlMatch8.0.1-r0cpp

AND

alpinelinux alpine_linuxMatch3.17

curl curlMatch8.1.0-r2cpp

AND

curl curlMatch8.3.0-r0cpp

AND

curl curlMatch8.2.0-r1cpp

AND

curl curlMatch7.83.1-r1cpp

AND

curl curlMatch7.83.1-r3cpp

AND

curl curlMatch8.1.1-r1cpp

AND

curl curlMatch7.83.0-r0cpp

AND

curl curlMatch7.83.1-r2cpp

AND

curl curlMatch8.0.1-r0cpp

AND

curl curlMatch8.2.1-r0cpp

AND

curl curlMatch7.83.1-r5cpp

AND

curl curlMatch7.83.1-r6cpp

AND

curl curlMatch7.83.1-r4cpp

AND

curl curlMatch8.1.2-r0cpp

AND

alpinelinux alpine_linuxMatch3.16

curl curlMatch7.83.1-r1cpp

AND

curl curlMatch7.84.0-r0cpp

AND

curl curlMatch7.80.0-r0cpp

AND

curl curlMatch7.69.0-r0cpp

AND

curl curlMatch7.87.0-r1cpp

AND

curl curlMatch7.79.1-r0cpp

AND

curl curlMatch7.68.0-r0cpp

AND

curl curlMatch8.2.0-r1cpp

AND

curl curlMatch8.1.0-r3cpp

AND

curl curlMatch7.78.0-r0cpp

AND

curl curlMatch7.79.0-r0cpp

AND

curl curlMatch7.85.0-r0cpp

AND

curl curlMatch8.3.0-r0cpp

AND

curl curlMatch7.75.0-r0cpp

AND

curl curlMatch7.78.0-r2cpp

AND

curl curlMatch8.2.1-r0cpp

AND

curl curlMatch7.69.1-r0cpp

AND

curl curlMatch8.3.0-r1cpp

AND

curl curlMatch7.83.0-r0cpp

AND

curl curlMatch7.82.0-r0cpp

AND

curl curlMatch8.0.1-r1cpp

AND

curl curlMatch8.1.1-r1cpp

AND

curl curlMatch7.84.0-r1cpp

AND

curl curlMatch7.81.0-r1cpp

AND

curl curlMatch7.77.0-r1cpp

AND

curl curlMatch8.1.2-r0cpp

AND

curl curlMatch7.87.0-r3cpp

AND

curl curlMatch7.88.1-r1cpp

AND

curl curlMatch8.0.1-r3cpp

AND

curl curlMatch8.1.2-r2cpp

AND

curl curlMatch7.76.1-r0cpp

AND

curl curlMatch7.77.0-r0cpp

AND

curl curlMatch7.87.0-r0cpp

AND

curl curlMatch8.1.2-r1cpp

AND

curl curlMatch7.84.0-r2cpp

AND

curl curlMatch7.86.0-r1cpp

AND

curl curlMatch7.69.0-r1cpp

AND

curl curlMatch8.0.1-r2cpp

AND

curl curlMatch8.0.1-r0cpp

AND

curl curlMatch7.81.0-r0cpp

AND

curl curlMatch7.76.0-r0cpp

AND

alpinelinux alpine_linuxMatchedge

curl curlMatch7.80.0-r3cpp

AND

curl curlMatch7.80.0-r5cpp

AND

curl curlMatch8.3.0-r0cpp

AND

curl curlMatch8.1.0-r2cpp

AND

curl curlMatch8.2.0-r1cpp

AND

curl curlMatch7.80.0-r0cpp

AND

curl curlMatch8.1.1-r1cpp

AND

curl curlMatch8.1.2-r0cpp

AND

curl curlMatch7.80.0-r6cpp

AND

curl curlMatch7.80.0-r2cpp

AND

curl curlMatch8.0.1-r0cpp

AND

curl curlMatch7.79.1-r0cpp

AND

curl curlMatch7.80.0-r4cpp

AND

curl curlMatch8.2.1-r0cpp

AND

curl curlMatch7.80.0-r1cpp

AND

alpinelinux alpine_linuxMatch3.15

curl curlMatch8.1.1-r1cpp

AND

curl curlMatch8.3.0-r0cpp

AND

curl curlMatch8.2.1-r0cpp

AND

curl curlMatch8.1.2-r0cpp

AND

curl curlMatch8.2.0-r1cpp

AND

curl curlMatch8.1.0-r2cpp

AND

curl curlMatch8.0.1-r2cpp

AND

alpinelinux alpine_linuxMatch3.18

libcurl.so libcurl.soRange2.0.2.debug–4.8.0cpp

Source	Link
github	www.github.com/curl/curl/commit/61275672b46d9abb32857404
curl	www.curl.se/docs/CVE-2023-38546.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
seclists	www.seclists.org/fulldisclosure/2024/Jan/34
seclists	www.seclists.org/fulldisclosure/2024/Jan/37
seclists	www.seclists.org/fulldisclosure/2024/Jan/38
forum	www.forum.vmssoftware.com/viewtopic.php
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
support	www.support.apple.com/kb/HT214036
support	www.support.apple.com/kb/HT214057

13 Feb 2025 19:34Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.13.7

EPSS0.00441

SSVC