PT-2023-4006 · Libcurl+4 · Libcurl+4

Publicado

2023-06-27

Atualizado

2024-06-15

CVE-2023-32001

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libcurl (affected versions not specified)

Description The issue is related to a race condition problem in the fopen() function of the libcurl library, which can be exploited by a remote attacker to create or overwrite protected files. This can happen when libcurl is saving cookie, HSTS, and/or alt-svc data to files. The exploitation of this flaw may allow an attacker to trick the victim into creating or overwriting protected files in unintended ways.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Time Of Check To Time Of Use

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-367

Identificadores relacionados

ALT-PU-2023-4468

ALT-PU-2023-5710

ALT-PU-2023-5711

ALT-PU-2023-5727

BDU:2023-04304

CVE-2023-32001

DSA-5460-1

MGASA-2023-0263

OESA-2023-1443

OPENSUSE-SU-2023_2891-1

OPENSUSE-SU-2024:13069-1

SUSE-SU-2023:2880-1

SUSE-SU-2023:2891-1

SUSE-SU-2023_2880-1

SUSE-SU-2023_2891-1

USN-6237-1

USN-6237-2

Produtos afetados

Alt Linux

Linuxmint

Suse

Ubuntu

Libcurl

PT-2023-4006 · Libcurl+4 · Libcurl+4

CVE-2023-32001

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 121