Search for vulnerabilities
Vulnerability details: VCID-s62k-x314-6khd
Vulnerability ID VCID-s62k-x314-6khd
Aliases CVE-2023-28319
Summary A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2023-28319
cvssv3.1 Medium https://curl.se/docs/CVE-2023-28319.html
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2023/Jul/47
ssvc Track http://seclists.org/fulldisclosure/2023/Jul/47
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2023/Jul/48
ssvc Track http://seclists.org/fulldisclosure/2023/Jul/48
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2023/Jul/52
ssvc Track http://seclists.org/fulldisclosure/2023/Jul/52
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://hackerone.com/reports/1913733
ssvc Track https://hackerone.com/reports/1913733
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-28319
cvssv3.1 7.5 https://security.gentoo.org/glsa/202310-12
ssvc Track https://security.gentoo.org/glsa/202310-12
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20230609-0009/
ssvc Track https://security.netapp.com/advisory/ntap-20230609-0009/
cvssv3.1 7.5 https://support.apple.com/kb/HT213843
ssvc Track https://support.apple.com/kb/HT213843
cvssv3.1 7.5 https://support.apple.com/kb/HT213844
ssvc Track https://support.apple.com/kb/HT213844
cvssv3.1 7.5 https://support.apple.com/kb/HT213845
ssvc Track https://support.apple.com/kb/HT213845
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json
https://api.first.org/data/v1/epss?cve=CVE-2023-28319
https://curl.se/docs/CVE-2023-28319.html
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1913733
1036239 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
202310-12 https://security.gentoo.org/glsa/202310-12
2196778 https://bugzilla.redhat.com/show_bug.cgi?id=2196778
47 http://seclists.org/fulldisclosure/2023/Jul/47
48 http://seclists.org/fulldisclosure/2023/Jul/48
52 http://seclists.org/fulldisclosure/2023/Jul/52
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CVE-2023-28319 https://nvd.nist.gov/vuln/detail/CVE-2023-28319
HT213843 https://support.apple.com/kb/HT213843
HT213844 https://support.apple.com/kb/HT213844
HT213845 https://support.apple.com/kb/HT213845
ntap-20230609-0009 https://security.netapp.com/advisory/ntap-20230609-0009/
RHSA-2023:4628 https://access.redhat.com/errata/RHSA-2023:4628
RHSA-2023:4629 https://access.redhat.com/errata/RHSA-2023:4629
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2023/Jul/47
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at http://seclists.org/fulldisclosure/2023/Jul/47
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2023/Jul/48
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at http://seclists.org/fulldisclosure/2023/Jul/48
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2023/Jul/52
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at http://seclists.org/fulldisclosure/2023/Jul/52
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://hackerone.com/reports/1913733
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at https://hackerone.com/reports/1913733
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28319
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/202310-12
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at https://security.gentoo.org/glsa/202310-12
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20230609-0009/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at https://security.netapp.com/advisory/ntap-20230609-0009/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://support.apple.com/kb/HT213843
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at https://support.apple.com/kb/HT213843
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://support.apple.com/kb/HT213844
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at https://support.apple.com/kb/HT213844
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://support.apple.com/kb/HT213845
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/ Found at https://support.apple.com/kb/HT213845
Exploit Prediction Scoring System (EPSS)
Percentile 0.36787
EPSS Score 0.00152
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:29:03.485537+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/main.json 37.0.0