CVE-2023-27537

CWE-4159 documents8 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 75.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Splunk Universal ForwarderHttps: /github.com/curl/curlHaxx Libcurl+1 more
Timeline
PublishedMar 30

Description

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

NVDhaxx/libcurl7.88.0, 7.88.1+1
NVDsplunk/universal_forwarder8.2.08.2.12+2
Debiancurl< 7.88.1-7+2
CVEListV5https://github.com/curl/curlFixed in 8.0.0

🔴Vulnerability Details

3
GHSA
GHSA-9j2c-vm53-wcvm: A double free vulnerability exists in libcurl <82023-03-30
OSV
CVE-2023-27537: A double free vulnerability exists in libcurl <82023-03-30
CVEList
CVE-2023-27537: A double free vulnerability exists in libcurl <82023-03-30

📋Vendor Advisories

3
Red Hat
curl: HSTS double-free2023-03-20
Microsoft
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b2023-03-14
Debian
CVE-2023-27537: curl - A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data betw...2023

💬Community

2
HackerOne
CVE-2023-27537: HSTS double-free2023-03-23
HackerOne
CVE-2023-27537: HSTS double-free2023-03-20