CVE-2023-46219 — Missing Encryption of Sensitive Data in Curl
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 57.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 12
Description
When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of
the HSTS status they should otherwise use.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4
🔴Vulnerability Details
5OSV▶
CVE-2023-46219: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of↗2023-12-12
OSV▶
CVE-2023-46219: When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of↗2023-12-12
CVEList▶
CVE-2023-46219: When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of↗2023-12-12
GHSA▶
GHSA-fj44-3xpp-9cx2: When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of↗2023-12-12
📋Vendor Advisories
4Microsoft▶
When saving HSTS data to an excessively long file name curl could end up
removing all contents making subsequent requests using that file unaware of
the HSTS status they should otherwise use.↗2023-12-12
Debian▶
CVE-2023-46219: curl - When saving HSTS data to an excessively long file name, curl could end up removi...↗2023