CVE-2023-38546
Severity
3.7 LOW
EPSS
0.3%
top 51.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 18
Latest update: Apr 15
Description
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates an easy handle, called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enab…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.2 | Impact: 1.4
Affected Packages: 5 packages
Patches
Vulnerability Details (5)
OSV: CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met (2023-10-18)
OSV: CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met (2023-10-18)
CVEList: CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met (2023-10-18)
GHSA: GHSA-x3qx-m3c2-qfhx: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met (2023-10-18)