CVE-2023-28319
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
| CWE | CWE-416 |
| Vendor | n/a |
| Product | https://github.com/curl/curl |
| Published | May 26, 2023 |
| Last Updated | Jan 15, 2025 |
Stay Ahead of the Next One
Get instant alerts for n/a https://github.com/curl/curl
Be the first to know when new high vulnerabilities affecting n/a https://github.com/curl/curl are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / https://github.com/curl/curl
Fixed in 8.1.0
References
hackerone.com: https://hackerone.com/reports/1913733 security.netapp.com: https://security.netapp.com/advisory/ntap-20230609-0009/ support.apple.com: https://support.apple.com/kb/HT213843 support.apple.com: https://support.apple.com/kb/HT213844 support.apple.com: https://support.apple.com/kb/HT213845 seclists.org: http://seclists.org/fulldisclosure/2023/Jul/52 seclists.org: http://seclists.org/fulldisclosure/2023/Jul/48 seclists.org: http://seclists.org/fulldisclosure/2023/Jul/47 security.gentoo.org: https://security.gentoo.org/glsa/202310-12