Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qdcn-2u3v-b3cv
Vulnerability ID VCID-qdcn-2u3v-b3cv
Aliases CVE-2023-46218
Summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-201 Insertion of Sensitive Information Into Sent Data
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
epss 0.00398 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2023-46218
cvssv3.1 Medium https://curl.se/docs/CVE-2023-46218.html
cvssv3.1 4.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json
https://api.first.org/data/v1/epss?cve=CVE-2023-46218
https://curl.se/docs/CVE-2023-46218.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/2212193
1057646 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646
2252030 https://bugzilla.redhat.com/show_bug.cgi?id=2252030
GLSA-202409-20 https://security.gentoo.org/glsa/202409-20
RHSA-2024:0428 https://access.redhat.com/errata/RHSA-2024:0428
RHSA-2024:0434 https://access.redhat.com/errata/RHSA-2024:0434
RHSA-2024:0452 https://access.redhat.com/errata/RHSA-2024:0452
RHSA-2024:0585 https://access.redhat.com/errata/RHSA-2024:0585
RHSA-2024:1129 https://access.redhat.com/errata/RHSA-2024:1129
RHSA-2024:1316 https://access.redhat.com/errata/RHSA-2024:1316
RHSA-2024:1317 https://access.redhat.com/errata/RHSA-2024:1317
RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:1383
RHSA-2024:1601 https://access.redhat.com/errata/RHSA-2024:1601
RHSA-2024:2092 https://access.redhat.com/errata/RHSA-2024:2092
RHSA-2024:2093 https://access.redhat.com/errata/RHSA-2024:2093
RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:2094
USN-6535-1 https://usn.ubuntu.com/6535-1/
USN-6641-1 https://usn.ubuntu.com/6641-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.60627
EPSS Score 0.00398
Published At April 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:46.737485+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202409-20 38.0.0