CVE-2023-32001

libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called `stat()` followed by `fopen()` in a way that made it vulnerable to a TOCTOU (time-of-check to time-of-use) race condition. By exploiting this flaw, an attacker could trick the victim into creating or overwriting protected files holding this data in ways that were not intended.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

01 Aug 2023, 06:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGJ7POX4ATGERTSBFJPW2EQH4Z65PSZJ/ -

27 Jul 2023, 05:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5460 -

26 Jul 2023, 21:40

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-26 21:15

Updated : 2024-02-05 00:01


NVD link : CVE-2023-32001

Mitre link : CVE-2023-32001

CVE.ORG link : CVE-2023-32001


Products Affected

No product.

CWE

No CWE.