Lucene search

HackeroneCVE-2023-23916

HistoryFeb 23, 2023 - 8:15 p.m.

CVE-2023-23916

2023-02-2320:15:13

CWE-770

hackerone

web.nvd.nist.gov

416

cve-2023-23916

resource allocation

vulnerability

curl

http compression

decompression chain

malloc bomb

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

53.6%

JSON

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the “chained” HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable “links” in this “decompression chain” wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a “malloc bomb”, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Affected configurations

Nvd

Vulners

Node

haxxcurlRange7.57.0–7.88.0

Node

fedoraprojectfedoraMatch36

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netappclustered_data_ontapMatch-

Node

splunkuniversal_forwarderRange8.2.0–8.2.12

splunkuniversal_forwarderRange9.0.0–9.0.6

splunkuniversal_forwarderMatch9.1.0

VendorProductVersionCPE
haxxcurl*cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
netapph300s_firmware-cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapph300s-cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapph500s_firmware-cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
netapph500s-cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
netapph700s_firmware-cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
netapph700s-cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
haxx	curl	*	cpe:2.3:a:haxx:curl::::::::
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
netapp	h300s_firmware	-	cpe:2.3:o:netapp:h300s_firmware:-:::::::*
netapp	h300s	-	cpe:2.3:h:netapp:h300s:-:::::::*
netapp	h500s_firmware	-	cpe:2.3:o:netapp:h500s_firmware:-:::::::*
netapp	h500s	-	cpe:2.3:h:netapp:h500s:-:::::::*
netapp	h700s_firmware	-	cpe:2.3:o:netapp:h700s_firmware:-:::::::*
netapp	h700s	-	cpe:2.3:h:netapp:h700s:-:::::::*

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "Fixed in 7.88.0",
        "status": "affected"
      }
    ]
  }
]