Search for vulnerabilities
Vulnerability details: VCID-gwcj-g9n8-aaas
Vulnerability ID VCID-gwcj-g9n8-aaas
Aliases CVE-2023-38546
Summary This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-73 External Control of File Name or Path
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.01715 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
epss 0.03297 https://api.first.org/data/v1/epss?cve=CVE-2023-38546
cvssv3.1 Low https://curl.se/docs/CVE-2023-38546.html
cvssv3.1 4.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 3.7 https://nvd.nist.gov/vuln/detail/CVE-2023-38546
cvssv3.1 3.7 https://nvd.nist.gov/vuln/detail/CVE-2023-38546
archlinux High https://security.archlinux.org/AVG-2845
archlinux High https://security.archlinux.org/AVG-2846
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json
https://api.first.org/data/v1/epss?cve=CVE-2023-38546
https://curl.se/docs/CVE-2023-38546.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
http://seclists.org/fulldisclosure/2024/Jan/34
http://seclists.org/fulldisclosure/2024/Jan/37
http://seclists.org/fulldisclosure/2024/Jan/38
https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/2148242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214057
https://support.apple.com/kb/HT214058
https://support.apple.com/kb/HT214063
2241938 https://bugzilla.redhat.com/show_bug.cgi?id=2241938
AVG-2845 https://security.archlinux.org/AVG-2845
AVG-2846 https://security.archlinux.org/AVG-2846
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546
GLSA-202310-12 https://security.gentoo.org/glsa/202310-12
RHSA-2023:5700 https://access.redhat.com/errata/RHSA-2023:5700
RHSA-2023:5763 https://access.redhat.com/errata/RHSA-2023:5763
RHSA-2023:6292 https://access.redhat.com/errata/RHSA-2023:6292
RHSA-2023:6745 https://access.redhat.com/errata/RHSA-2023:6745
RHSA-2023:7540 https://access.redhat.com/errata/RHSA-2023:7540
RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625
RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626
RHSA-2024:1601 https://access.redhat.com/errata/RHSA-2024:1601
RHSA-2024:2092 https://access.redhat.com/errata/RHSA-2024:2092
RHSA-2024:2093 https://access.redhat.com/errata/RHSA-2024:2093
RHSA-2024:2101 https://access.redhat.com/errata/RHSA-2024:2101
USN-6429-1 https://usn.ubuntu.com/6429-1/
USN-6429-2 https://usn.ubuntu.com/6429-2/
USN-6429-3 https://usn.ubuntu.com/6429-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38546
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38546
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.46047
EPSS Score 0.00116
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.