Lucene search
GoogleOSV:USN-6429-2HistoryOct 11, 2023 - 3:17 p.m.
curl vulnerability
2023-10-1115:17:59
Google
osv.dev
5
usn-6429-1
curl
vulnerability
ubuntu
cookies
cve-2023-38546
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.0%
USN-6429-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
Related
nessus
nessus
CBL Mariner 2.0 Security Update: cmake (CVE-2023-38546)
2023-10-30 00:00:00
SUSE SLES15 Security Update : curl (SUSE-SU-2023:4045-1)
2023-10-13 00:00:00
RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2024:2101)
2024-04-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6429-2)
2023-10-12 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1136)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)
2024-05-16 00:00:00
redhatcve
redhatcve
CVE-2023-38546
2023-10-11 13:11:32
f5
f5
K000137211 : cURL vulnerabilities CVE-2023-38546
2023-10-11 00:00:00
debiancve
debiancve
CVE-2023-38546
2023-10-18 04:15:11
ubuntu
ubuntu
curl vulnerability
2023-10-11 00:00:00
curl vulnerabilities
2023-10-17 00:00:00
curl vulnerabilities
2023-10-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-38546 affecting package curl for versions less than 8.3.0-2
2023-10-12 19:11:35
CVE-2023-38546 affecting package cmake for versions less than 3.21.4-10
2024-03-19 17:21:46
CVE-2023-38546 affecting package tensorflow for versions less than 2.16.1-1
2024-04-17 22:02:46
hackerone
hackerone
curl: CVE-2023-38546: cookie injection with none file
2023-09-14 14:58:50
Internet Bug Bounty: [CVE-2023-38546] cookie injection with none file
2023-10-19 10:01:36
cve
cve
CVE-2023-38546
2023-10-18 04:15:11
alpinelinux
alpinelinux
CVE-2023-38546
2023-10-18 04:15:11
nvd
nvd
CVE-2023-38546
2023-10-18 04:15:11
redhat
redhat
(RHSA-2024:2101) Low: Red Hat Satellite Client bug fix and security update
2024-04-29 15:24:50
(RHSA-2023:7540) Low: curl security and bug fix update
2023-11-28 14:46:10
(RHSA-2023:6745) Important: curl security update
2023-11-07 10:08:50
ibm
ibm
Security Bulletin: Due to the use of curl, IBM CICS TX Advanced is vulnerable to security restrictions potentially being bypassed (CVE-2023-38546).
2024-02-13 16:30:43
cloudlinux
cloudlinux
curl: Fix of CVE-2023-38546
2023-10-16 13:58:12
cgr
cgr
CVE-2023-38546 vulnerabilities
2024-05-19 03:07:16
osv
osv
cookie injection with none file
2023-10-11 08:00:00
CVE-2023-38546
2023-10-18 04:15:11
Important: curl security update
2023-10-17 00:00:00
cloudfoundry
cloudfoundry
USN-6429-2: curl vulnerability | Cloud Foundry
2023-12-04 00:00:00
USN-6429-1: curl vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
cvelist
cvelist
CVE-2023-38546
2023-10-18 03:51:31
prion
prion
Design/Logic Flaw
2023-10-18 04:15:00
ubuntucve
ubuntucve
CVE-2023-38546
2023-10-11 00:00:00
veracode
veracode
Cookie Injection
2023-10-12 08:53:47
wolfi
wolfi
CVE-2023-38546 vulnerabilities
2024-07-01 09:08:36
amazon
amazon
Important: curl
2023-10-10 21:19:00
slackware
slackware
[slackware-security] curl
2023-10-11 06:45:13
aix
aix
Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 13:22:02
almalinux
almalinux
Important: curl security update
2023-11-07 00:00:00
Important: curl security update
2023-10-17 00:00:00
Moderate: curl security and bug fix update
2024-04-02 00:00:00
debian
debian
[SECURITY] [DLA 3613-1] curl security update
2023-10-11 11:49:02
[SECURITY] [DSA 5523-1] curl security update
2023-10-11 06:58:41
thn
thn
Security Patch for Two New Flaws in Curl Library Arriving on October 11
2023-10-09 10:32:00
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37
2023-10-28 01:25:37
[SECURITY] Fedora 38 Update: curl-8.0.1-5.fc38
2023-10-14 01:32:18
[SECURITY] Fedora 39 Update: curl-8.2.1-3.fc39
2023-10-16 15:27:49
paloalto
paloalto
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
2023-10-12 20:40:00
mageia
mageia
Updated the curl packages to fix two security vulnerabilities
2023-10-14 01:56:51
rocky
rocky
curl security update
2023-10-24 18:36:52
curl security and bug fix update
2024-04-05 14:55:53
cisco
cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
2023-10-12 16:00:00
redos
redos
ROS-20231016-05
2023-10-16 00:00:00
oraclelinux
oraclelinux
curl security update
2023-11-16 00:00:00
curl security update
2023-10-18 00:00:00
curl security and bug fix update
2024-04-03 00:00:00
qualysblog
qualysblog
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
2023-10-06 00:14:06
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0487
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0667
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0113
2023-10-11 00:00:00
ics
ics
Siemens RUGGEDCOM APE1808
2024-03-14 12:00:00
apple
apple
About the security content of macOS Monterey 12.7.3
2024-01-22 00:00:00
About the security content of macOS Ventura 13.6.4
2024-01-22 00:00:00
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.0%
Related for OSV:USN-6429-2