PT-2023-5886 · Libcurl+13

W0X42 · Published 2023-09-30 · Updated 2026-05-18 · CVE-2023-38546

CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: libcurl versions prior to 8.4.0

Description: This issue allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met. libcurl performs transfers and provides a function call, curl_easy_duphandle, that duplicates an easy handle. If a transfer has cookies enabled when the handle is duplicated, the cookie-enabled state is also cloned, but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as "none". Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named "none", if such a file exists and is readable in the current directory of the program using libcurl.

Recommendations: Update to libcurl version 8.4.0 or later to resolve the issue. As a temporary workaround, consider explicitly setting a source to load cookies from when using the curl_easy_duphandle function, to avoid inadvertently loading cookies from a file named "none".
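The following triage script is an added example and not part of this advisory or of the curl project. It checks the two preconditions the description names: a libcurl older than 8.4.0, and a readable file called "none" in the working directory of the libcurl-using program. The `curl --version` output line it parses is a constructed sample; the directory argument and the helper that builds a sample directory are assumptions made for the example.

```python
import os
import re
import shutil
import subprocess
import tempfile
from typing import Optional, Tuple

# libcurl 8.4.0 is the first version that resolves CVE-2023-38546 (from the advisory).
FIXED_VERSION = (8, 4, 0)

# Constructed sample of the first line printed by `curl --version` on an affected build.
SAMPLE_CURL_VERSION_LINE = (
    "curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 OpenSSL/3.0.2 zlib/1.2.11"
)

# `curl --version` reports the linked library as "libcurl/MAJOR.MINOR.PATCH".
_LIBCURL_RE = re.compile(r"\blibcurl/(\d+)\.(\d+)\.(\d+)")


def parse_libcurl_version(version_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract the libcurl version triple from `curl --version` output, or None."""
    match = _LIBCURL_RE.search(version_output)
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_fixed(version: Tuple[int, int, int]) -> bool:
    """True when the version is 8.4.0 or later; tuple comparison handles 8.10 > 8.4."""
    return version >= FIXED_VERSION


def none_file_present(directory: str = ".") -> bool:
    """True when a readable regular file named 'none' exists in the given directory."""
    path = os.path.join(directory, "none")
    return os.path.isfile(path) and os.access(path, os.R_OK)


def assess(version_output: str, directory: str = ".") -> dict:
    """Combine both preconditions into one verdict for the program's working directory."""
    version = parse_libcurl_version(version_output)
    fixed = is_fixed(version) if version is not None else None
    stray_file = none_file_present(directory)
    return {
        "libcurl": version,
        "fixed": fixed,
        "none_file": stray_file,
        # Exposed only if the library is known-vulnerable AND the stray file is readable.
        "exposed": fixed is False and stray_file,
    }


def make_sample_dir(with_none_file: bool) -> str:
    """Assumed helper: build a temporary directory, optionally containing a 'none' file."""
    directory = tempfile.mkdtemp(prefix="cve-2023-38546-")
    if with_none_file:
        with open(os.path.join(directory, "none"), "w", encoding="utf-8") as handle:
            handle.write("# Netscape HTTP Cookie File (constructed sample)\n")
    return directory


def live_version_output() -> str:
    """Use the installed curl when available, otherwise fall back to the sample line."""
    if shutil.which("curl"):
        result = subprocess.run(["curl", "--version"], capture_output=True, text=True)
        return result.stdout
    return SAMPLE_CURL_VERSION_LINE


if __name__ == "__main__":
    verdict = assess(live_version_output(), os.getcwd())
    for key, value in verdict.items():
        print(f"{key}: {value}")
```

Run it from the working directory of the program that calls curl_easy_duphandle, since the stray "none" file only matters in that directory. A verdict of `exposed: True` means both conditions hold; the lasting fix is still the 8.4.0 upgrade, as the recommendation states.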


Related Identifiers

ALSA-2023:5763
ALSA-2023:6745
ALSA-2024:1601
ALT-PU-2023-6259
ALT-PU-2023-6261
ALT-PU-2023-6409
ALT-PU-2023-6453
AZL-31289
AZL-31502
AZL-34610
AZL-38099
BDU:2023-06576
BDU:2023-06579
CESA-2024_1601
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2023-38546
DLA-3613-1
DSA-5523-1
JLSEC-2025-35
MGASA-2023-0288
OESA-2023-1762
OPENSUSE-SU-2023_4044-1
OPENSUSE-SU-2024:13325-1
RHSA-2023:5700
RHSA-2023:5763
RHSA-2023:6292
RHSA-2023:6745
RHSA-2023:7540
RHSA-2023:7625
RHSA-2023_5763
RHSA-2023_6745
RHSA-2024:1601
RHSA-2024:2101
RHSA-2024_1601
RLSA-2023:5763
RLSA-2024:1601
SUSE-SU-2023:4043-1
SUSE-SU-2023:4044-1
SUSE-SU-2023:4045-1
SUSE-SU-2023:4650-1
SUSE-SU-2023_4650-1
USN-6429-1
USN-6429-2
USN-6429-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
FortiOS
IBM AIX
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libcurl