CVE-2023-28319Use After Free in Curl

CWE-416Use After Free12 documents9 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 44.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Haxx CurlApple MacosHttps Github.com Curl Curl
Timeline
PublishedMay 26
Latest updateJul 24

Description

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDhaxx/curl< 8.1.0
Debianhaxx/curl< 7.88.1-10+2
CVEListV5https/github.com_curl_curlFixed in 8.1.0
NVDapple/macos11.011.7.9+2

Patches

Patch: hackerone.comPatch: hackerone.com

🔴Vulnerability Details

3
GHSA
GHSA-6xq7-qqp2-9mmc: A use after free vulnerability exists in curl <v82023-05-26
OSV
CVE-2023-28319: A use after free vulnerability exists in curl <v82023-05-26
CVEList
CVE-2023-28319: A use after free vulnerability exists in curl <v82023-05-26

📋Vendor Advisories

6
Apple
CVE-2023-28319: macOS Monterey 12.6.82023-07-24
Apple
CVE-2023-28319: macOS Ventura 13.52023-07-24
Apple
CVE-2023-28319: macOS Big Sur 11.7.92023-07-24
Red Hat
curl: use after free in SSH sha256 fingerprint check2023-05-17
Microsoft
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails libcurl would free the memory2023-05-09

💬Community

2
HackerOne
CVE-2023-28319: UAF in SSH sha256 fingerprint check2023-06-25
HackerOne
CVE-2023-28319: UAF in SSH sha256 fingerprint check2023-05-24
CVE-2023-28319 — Use After Free in Haxx Curl | cvebase