Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-32001HistoryJul 26, 2023 - 9:15 p.m.
CVE-2023-32001
2023-07-2621:15:00
Debian Security Bug Tracker
security-tracker.debian.org
43
libcurl
toctou
race condition
vulnerability
saving data
files
0.0004 Low
EPSS
Percentile
9.1%
libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When
doing this, it called stat() followed by fopen() in a way that made it
vulnerable to a TOCTOU race condition problem.
By exploiting this flaw, an attacker could trick the victim to create or
overwrite protected files holding this data in ways it was not intended to.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | < 7.88.1-10+deb12u1 | curl_7.88.1-10+deb12u1_all.deb |
| Debian | 11 | all | curl | < 7.74.0-1.3+deb11u7 | curl_7.74.0-1.3+deb11u7_all.deb |
| Debian | 10 | all | curl | < 7.64.0-4+deb10u2 | curl_7.64.0-4+deb10u2_all.deb |
| Debian | 999 | all | curl | < 7.88.1-11 | curl_7.88.1-11_all.deb |
Related
nvd
nvd
CVE-2023-32001
2023-07-26 21:15:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2880-1)
2023-07-20 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3026)
2023-10-31 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3355)
2023-12-14 00:00:00
veracode
veracode
Race Condition
2023-07-28 12:50:09
nessus
nessus
SUSE SLES12 Security Update : curl (SUSE-SU-2023:2880-1)
2023-07-20 00:00:00
EulerOS Virtualization 2.11.0 : curl (EulerOS-SA-2023-3374)
2024-01-16 00:00:00
Curl Arbitrary File Write 7.x >= 7.84.0 / 8.x <= 8.1.2 (CVE-2023-32001)
2023-07-26 00:00:00
cvelist
cvelist
CVE-2023-32001
2023-07-26 20:09:57
hackerone
hackerone
curl: CVE-2023-32001: fopen race condition
2023-06-27 07:05:59
Internet Bug Bounty: [curl] CVE-2023-32001: fopen race condition
2023-07-21 03:35:02
redhatcve
redhatcve
CVE-2023-32001
2023-07-19 08:37:27
debian
debian
[SECURITY] [DSA 5460-1] curl security update
2023-07-26 19:36:53
cbl_mariner
cbl_mariner
CVE-2023-32001 affecting package rust for versions less than 1.72.0-2
2023-10-11 01:41:59
CVE-2023-32001 affecting package curl for versions less than 8.2.1-1
2023-08-18 20:45:02
CVE-2023-32001 affecting package tensorflow for versions less than 2.16.1-1
2024-04-17 22:02:46
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-10.fc37
2023-08-01 01:32:25
[SECURITY] Fedora 38 Update: curl-8.0.1-3.fc38
2023-07-22 01:23:13
slackware
slackware
[slackware-security] curl
2023-07-19 20:41:36
ubuntucve
ubuntucve
CVE-2023-32001
2023-07-19 00:00:00
cve
cve
CVE-2023-32001
2023-07-26 21:15:10
wolfi
wolfi
CVE-2023-32001 vulnerabilities
2024-01-25 13:47:19
prion
prion
Design/Logic Flaw
2023-07-26 21:15:00
cgr
cgr
CVE-2023-32001 vulnerabilities
2024-01-25 17:18:02
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0616
2023-07-20 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0432
2023-07-19 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0054
2023-07-19 00:00:00
cloudfoundry
cloudfoundry
USN-6237-1: curl vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
USN-6237-2: curl regression | Cloud Foundry
2023-08-10 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2023-09-11 00:00:00
curl regression
2023-07-19 00:00:00
curl vulnerabilities
2023-07-19 00:00:00
osv
osv
curl vulnerabilities
2023-07-19 12:11:55
curl vulnerabilities
2023-09-11 18:00:42
curl regression
2023-07-19 17:34:44
ibm
ibm
gentoo
gentoo
curl: Multiple Vulnerabilities
2023-10-11 00:00:00