CVE-2023-28319
Published: 2023-05-26
Priority: P3 · 44 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.49% (82.6th percentile)
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | >= 11.0 < 11.7.9 | 11.7.9 |
| apple | macos | >= 12.0 < 12.6.8 | 12.6.8 |
| apple | macos | >= 13.0 < 13.5 | 13.5 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| debian | curl | < curl 7.88.1-10 (bookworm) | curl 7.88.1-10 (bookworm) |
| haxx | curl | < 8.1.0 | 8.1.0 |
| haxx | curl | >= 0 < 7.88.1-10 | 7.88.1-10 |
| haxx | curl | >= 0 < 7.88.1-10 | 7.88.1-10 |
| haxx | curl | >= 0 < 7.88.1-10 | 7.88.1-10 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.11.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_curl_8.2.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_mysql_8.0.34-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_rust_1.72.0-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_msrc · 7.5 HIGH
vendor_redhat · 7.5 HIGH
CISA ICS
Siemens SINEC NMS
cisa_ics·2024-02-15
Siemens SINEC NMS
ICS Advisory
## Siemens SINEC NMS
Release Date: February 15, 2024
Alert Code: ICSA-24-046-15
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC NMS
- Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, Use After Free, NULL Pointer Dereference, Improper Input Validation, Missing Encryption of Sensitive Data, Allocation of Resources Wit
Apple
CVE-2023-28319: macOS Monterey 12.6.8
vendor_apple·2023-07-24·CVSS 7.5
CVE-2023-28319 [HIGH] CVE-2023-28319: macOS Monterey 12.6.8
Apple Security Update: About the security content of macOS Monterey 12.6.8
Product: macOS Monterey
Version: 12.6.8
CVE: CVE-2023-28319
Component: CVE-2023-28319
Apple
CVE-2023-28319: macOS Ventura 13.5
vendor_apple·2023-07-24·CVSS 7.5
CVE-2023-28319 [HIGH] CVE-2023-28319: macOS Ventura 13.5
Apple Security Update: About the security content of macOS Ventura 13.5
Product: macOS Ventura
Version: 13.5
CVE: CVE-2023-28319
Component: CVE-2023-28319
Apple
CVE-2023-28319: macOS Big Sur 11.7.9
vendor_apple·2023-07-24·CVSS 7.5
CVE-2023-28319 [HIGH] CVE-2023-28319: macOS Big Sur 11.7.9
Apple Security Update: About the security content of macOS Big Sur 11.7.9
Product: macOS Big Sur
Version: 11.7.9
CVE: CVE-2023-28319
Component: CVE-2023-28319
Red Hat
curl: use after free in SSH sha256 fingerprint check
vendor_redhat·2023-05-17·CVSS 7.5
CVE-2023-28319 [HIGH] CWE-416 curl: use after free in SSH sha256 fingerprint check
curl: use after free in SSH sha256 fingerprint check
A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.
Statement: This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.
Package:
Microsoft
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails libcurl would free the memory
vendor_msrc·2023-05-09·CVSS 7.5
CVE-2023-28319 [HIGH] CWE-416 A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails libcurl would free the memory
A use after free vulnerability exists in curl
Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
hackerone: hackerone
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microso
Debian
CVE-2023-28319: curl - A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers ...
vendor_debian·2023·CVSS 7.5
CVE-2023-28319 [HIGH] CVE-2023-28319: curl - A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers ...
Scope: local
bookworm: resolved (fixed in 7.88.1-10)
bullseye: resolved
forky: resolved (fixed in 7.88.1-10)
sid: resolved (fixed in 7.88.1-10)
trixie: resolved (fixed in 7.88.1-10)
GHSA
GHSA-6xq7-qqp2-9mmc: A use after free vulnerability exists in curl <v8
ghsa_unreviewed·2023-05-26
CVE-2023-28319 [HIGH] CWE-416 GHSA-6xq7-qqp2-9mmc: A use after free vulnerability exists in curl <v8
OSV
CVE-2023-28319: A use after free vulnerability exists in curl <v8
osv·2023-05-26·CVSS 7.5
CVE-2023-28319 [HIGH] CVE-2023-28319: A use after free vulnerability exists in curl <v8
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2023-28319: UAF in SSH sha256 fingerprint check
hackerone·2023-06-25·CVSS 7.5
CVE-2023-28319 [HIGH] CVE-2023-28319: UAF in SSH sha256 fingerprint check
CVE-2023-28319: UAF in SSH sha256 fingerprint check
libcurl offers a feature to verify an SSH server's public key using a SHA 256
hash. When this check fails, libcurl would free the memory for the fingerprint
before it returns an error message containing the (now freed) hash.
Affected versions: curl 7.81.0 to and including 8.0.1
Not affected versions: curl = 8.1.0
The original submission can be found here: https://hackerone.com/reports/1913733
## Impact
This flaw risks inserting sensitive heap-based data into the error message
that might be shown to users or otherwise get leaked and revealed.
CVE-2023-28319 - UAF in SSH sha256 fingerprint check
VULNERABILITY
libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free
HackerOne
CVE-2023-28319: UAF in SSH sha256 fingerprint check
hackerone·2023-05-24·CVSS 7.5
CVE-2023-28319 [HIGH] CVE-2023-28319: UAF in SSH sha256 fingerprint check
CVE-2023-28319: UAF in SSH sha256 fingerprint check
## Summary:
The fingerprint_b64 pointer is used as a parameter for failure logging after it is freed.
## Steps To Reproduce:
1. git clone https://github.com/curl/curl
2. vim curl/lib/vssh/libssh2.c
3. search for the string 'free(fingerprint_b64)' and note that fingerprint_b64 is used as parameter immediately after it is freed.
## Supporting Material/References:
The following are the details of the code.
git commit a51f90ec0f74176776f5d14b99689f9241660eaa (HEAD -> master, origin/master, origin/HEAD)
In curl/lib/vssh/libssh2.c
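```c
/* Excerpt as quoted in the report; "..." marks lines the report omitted. */
static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
{
...
  char *fingerprint_b64 = NULL;
...
    if((pub_pos != b64_pos) ||
       strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) {
      /* freed here; per the report it is then passed to the failure log */
      free(fingerprint_b64);
```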
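The ordering problem the report describes, as an added example that is not curl's code and not part of the original report. It assumes a constructed one-slot toy heap in place of malloc/free so the stale read is deterministic and well-defined; `toy_alloc`, `toy_free`, `ERRLEN` and both `check_*` functions are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define ERRLEN 128
/* Toy one-slot heap (constructed). toy_free() hands the slot to a "next owner"
   at once, making deterministic what a real allocator may do after free(). */
static char slot[64];
static char *toy_alloc(const char *s)
{
  snprintf(slot, sizeof(slot), "%s", s);
  return slot;
}
static void toy_free(char *p)
{
  snprintf(p, sizeof(slot), "%s", "UNRELATED-HEAP-DATA");
}

/* Ordering described in the report: release, then log through the pointer. */
static int check_freed_first(const char *remote, const char *pinned, char *err)
{
  char *fingerprint_b64 = toy_alloc(remote);
  if(strcmp(fingerprint_b64, pinned)) {
    toy_free(fingerprint_b64);
    snprintf(err, ERRLEN, "fingerprint mismatch, remote %s", fingerprint_b64);
    return -1;
  }
  toy_free(fingerprint_b64);
  return 0;
}

/* Corrected ordering: build the message while the buffer is still owned. */
static int check_log_first(const char *remote, const char *pinned, char *err)
{
  char *fingerprint_b64 = toy_alloc(remote);
  int rc = 0;
  if(strcmp(fingerprint_b64, pinned)) {
    snprintf(err, ERRLEN, "fingerprint mismatch, remote %s", fingerprint_b64);
    rc = -1;
  }
  toy_free(fingerprint_b64);
  return rc;
}

int main(void)
{
  char a[ERRLEN], b[ERRLEN];
  check_freed_first("REMOTEHASH", "PINNEDHASH", a);
  check_log_first("REMOTEHASH", "PINNEDHASH", b);
  printf("freed first: %s\nlog first:   %s\n", a, b);
  return 0;
}
```

With a real allocator the freed-first ordering is undefined behaviour, so the message may show the old hash, allocator metadata or another allocation's contents; AddressSanitizer reports it as a heap-use-after-free at the logging call.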
- http://seclists.org/fulldisclosure/2023/Jul/47
- http://seclists.org/fulldisclosure/2023/Jul/48
- http://seclists.org/fulldisclosure/2023/Jul/52
- https://hackerone.com/reports/1913733
- https://security.gentoo.org/glsa/202310-12
- https://security.netapp.com/advisory/ntap-20230609-0009/
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845