Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gnx2-djyk-uyaf
Vulnerability ID VCID-gnx2-djyk-uyaf
Aliases CVE-2023-38546
Summary Cookie injection with none file This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle does not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-73 External Control of File Name or Path
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
cvssv3.1 Low https://curl.se/docs/CVE-2023-38546.html
ssvc Track https://curl.se/docs/CVE-2023-38546.html
ssvc Track http://seclists.org/fulldisclosure/2024/Jan/34
ssvc Track http://seclists.org/fulldisclosure/2024/Jan/37
ssvc Track http://seclists.org/fulldisclosure/2024/Jan/38
ssvc Track https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
cvssv3.1 4.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
archlinux High https://security.archlinux.org/AVG-2845
archlinux High https://security.archlinux.org/AVG-2846
ssvc Track https://support.apple.com/kb/HT214036
ssvc Track https://support.apple.com/kb/HT214057
ssvc Track https://support.apple.com/kb/HT214058
ssvc Track https://support.apple.com/kb/HT214063
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json
https://api.first.org/data/v1/epss?cve=CVE-2023-38546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/2148242
2241938 https://bugzilla.redhat.com/show_bug.cgi?id=2241938
34 http://seclists.org/fulldisclosure/2024/Jan/34
37 http://seclists.org/fulldisclosure/2024/Jan/37
38 http://seclists.org/fulldisclosure/2024/Jan/38
AVG-2845 https://security.archlinux.org/AVG-2845
AVG-2846 https://security.archlinux.org/AVG-2846
CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546
CVE-2023-38546.HTML https://curl.se/docs/CVE-2023-38546.html
GLSA-202310-12 https://security.gentoo.org/glsa/202310-12
HT214036 https://support.apple.com/kb/HT214036
HT214057 https://support.apple.com/kb/HT214057
HT214058 https://support.apple.com/kb/HT214058
HT214063 https://support.apple.com/kb/HT214063
OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
RHSA-2023:5700 https://access.redhat.com/errata/RHSA-2023:5700
RHSA-2023:5763 https://access.redhat.com/errata/RHSA-2023:5763
RHSA-2023:6292 https://access.redhat.com/errata/RHSA-2023:6292
RHSA-2023:6745 https://access.redhat.com/errata/RHSA-2023:6745
RHSA-2023:7540 https://access.redhat.com/errata/RHSA-2023:7540
RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625
RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626
RHSA-2024:1601 https://access.redhat.com/errata/RHSA-2024:1601
RHSA-2024:2092 https://access.redhat.com/errata/RHSA-2024:2092
RHSA-2024:2093 https://access.redhat.com/errata/RHSA-2024:2093
RHSA-2024:2101 https://access.redhat.com/errata/RHSA-2024:2101
USN-6429-1 https://usn.ubuntu.com/6429-1/
USN-6429-2 https://usn.ubuntu.com/6429-2/
USN-6429-3 https://usn.ubuntu.com/6429-3/
viewtopic.php?f=8&t=8868 https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at https://curl.se/docs/CVE-2023-38546.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at http://seclists.org/fulldisclosure/2024/Jan/34
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at http://seclists.org/fulldisclosure/2024/Jan/37
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at http://seclists.org/fulldisclosure/2024/Jan/38
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at https://support.apple.com/kb/HT214036
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at https://support.apple.com/kb/HT214057
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at https://support.apple.com/kb/HT214058
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/ Found at https://support.apple.com/kb/HT214063
Exploit Prediction Scoring System (EPSS)
Percentile 0.48964
EPSS Score 0.00256
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:00.526671+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libcurl/CVE-2023-38546.yml 38.0.0