Lucene search
NyymiH1:2274981HistoryDec 06, 2023 - 12:00 p.m.
Internet Bug Bounty: curl cookie mixed case PSL bypass
2023-12-0612:00:29
nyymi
hackerone.com
$2540
26
curl
super cookies
vulnerability
public suffix list
bypass
A vulnerability in curl allows a malicious HTTP server to set “super cookies” in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.
It could do this by exploiting a mixed case flaw in curl’s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with domain=co.UK when the URL used a lowercase hostname curl.co.uk, even though co.uk is listed as a PSL domain.
Impact
Issue supercookies bypassing the Public Suffix List check.
Related
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1117)
2024-01-29 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1102)
2024-01-29 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1452)
2024-03-21 00:00:00
nessus
nessus
EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1102)
2024-01-26 00:00:00
RHEL 9 : curl (RHSA-2024:0452)
2024-01-25 00:00:00
EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-1172)
2024-02-08 00:00:00
osv
osv
curl - security update
2023-12-23 00:00:00
Moderate: curl security update
2024-03-05 00:00:00
CVE-2023-46218
2023-12-07 01:15:07
aix
aix
prion
prion
Code injection
2023-12-07 01:15:00
alpinelinux
alpinelinux
CVE-2023-46218
2023-12-07 01:15:07
ibm
ibm
oraclelinux
oraclelinux
curl security update
2024-03-06 00:00:00
curl security and bug fix update
2024-04-03 00:00:00
redhatcve
redhatcve
CVE-2023-46218
2023-12-06 09:47:42
nvd
nvd
CVE-2023-46218
2023-12-07 01:15:07
cve
cve
CVE-2023-46218
2023-12-07 01:15:07
amazon
amazon
Medium: curl
2024-04-24 22:15:00
Low: curl
2024-01-03 21:04:00
cbl_mariner
cbl_mariner
CVE-2023-46218 affecting package mysql for versions less than 8.0.35-2
2024-01-14 22:46:30
CVE-2023-46218 affecting package curl for versions less than 8.5.0-1
2024-01-14 22:46:30
f5
f5
K000138650 : cURL vulnerability CVE-2023-46218
2024-02-21 00:00:00
almalinux
almalinux
Moderate: curl security update
2024-03-05 00:00:00
Moderate: curl security and bug fix update
2024-04-02 00:00:00
hackerone
hackerone
curl: CVE-2023-46218: cookie mixed case PSL bypass
2023-10-16 18:28:56
wolfi
wolfi
CVE-2023-46218 vulnerabilities
2024-06-29 09:08:33
cvelist
cvelist
CVE-2023-46218
2023-12-07 01:10:34
debiancve
debiancve
CVE-2023-46218
2023-12-07 01:15:07
redhat
redhat
(RHSA-2024:1129) Moderate: curl security update
2024-03-05 15:32:04
(RHSA-2024:0452) Moderate: curl security update
2024-01-24 14:40:52
(RHSA-2024:0434) Moderate: curl security update
2024-01-24 14:40:38
veracode
veracode
Cookie Mixed Case PSL Bypass
2023-12-08 01:03:15
redos
redos
ROS-20240328-11
2024-03-28 00:00:00
ubuntu
ubuntu
curl vulnerability
2024-02-19 00:00:00
curl vulnerabilities
2023-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2023-46218
2023-12-06 00:00:00
cgr
cgr
CVE-2023-46218 vulnerabilities
2024-05-19 03:07:16
mageia
mageia
Updated curl packages fix security vulnerabilities
2023-12-13 21:32:37
cloudfoundry
cloudfoundry
USN-6535-1: curl vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
debian
debian
[SECURITY] [DSA 5587-1] curl security update
2023-12-23 19:13:59
[SECURITY] [DLA 3692-1] curl security update
2023-12-22 14:27:56
fedora
fedora
[SECURITY] Fedora 38 Update: curl-8.0.1-6.fc38
2023-12-15 02:19:17
[SECURITY] Fedora 39 Update: curl-8.2.1-4.fc39
2023-12-10 01:37:35
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0623
2024-06-04 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0280
2024-05-28 00:00:00
rocky
rocky
curl security and bug fix update
2024-04-05 14:55:53
ics
ics
Siemens SIMATIC RTLS Locating Manager
2024-05-16 12:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00