CVE-2023-38039

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2023/Oct/17	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/34	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/37	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/38	Mailing List Third Party Advisory
https://hackerone.com/reports/2072338	Exploit Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/	Mailing List
https://security.gentoo.org/glsa/202310-12	Third Party Advisory
https://security.netapp.com/advisory/ntap-20231013-0005/	Third Party Advisory
https://support.apple.com/kb/HT214036	Third Party Advisory
https://support.apple.com/kb/HT214057	Third Party Advisory
https://support.apple.com/kb/HT214058	Third Party Advisory
https://support.apple.com/kb/HT214063	Third Party Advisory
https://www.insyde.com/security-pledge/SA-2023064	Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/17	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/34	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/37	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/38	Mailing List Third Party Advisory
https://hackerone.com/reports/2072338	Exploit Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/	Mailing List
https://security.gentoo.org/glsa/202310-12	Third Party Advisory
https://security.netapp.com/advisory/ntap-20231013-0005/	Third Party Advisory
https://support.apple.com/kb/HT214036	Third Party Advisory
https://support.apple.com/kb/HT214057	Third Party Advisory
https://support.apple.com/kb/HT214058	Third Party Advisory
https://support.apple.com/kb/HT214063	Third Party Advisory
https://www.insyde.com/security-pledge/SA-2023064	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:microsoft:windows_10_1809::::::::
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_21h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022::::::::

History

21 Nov 2024, 08:12

01 Apr 2024, 15:45

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2023/Oct/17 - Third Party Advisory~~	() http://seclists.org/fulldisclosure/2023/Oct/17 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/34 - Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jan/34 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/37 - Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jan/37 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/38 - Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jan/38 - Mailing List, Third Party Advisory
First Time		Microsoft windows 10 1809 Microsoft windows 11 22h2 Microsoft Microsoft windows 10 22h2 Microsoft windows 10 21h2 Microsoft windows 11 21h2 Microsoft windows 11 23h2 Microsoft windows Server 2022 Microsoft windows Server 2019
CPE		cpe:2.3:o:microsoft:windows_server_2019:::::::: cpe:2.3:o:microsoft:windows_server_2022:::::::: cpe:2.3:o:microsoft:windows_11_23h2:::::::: cpe:2.3:o:microsoft:windows_11_22h2:::::::: cpe:2.3:o:microsoft:windows_10_21h2:::::::: cpe:2.3:o:microsoft:windows_10_1809:::::::: cpe:2.3:o:microsoft:windows_10_22h2:::::::: cpe:2.3:o:microsoft:windows_11_21h2::::::::

01 Feb 2024, 01:00

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/Jan/38 -~~	() http://seclists.org/fulldisclosure/2024/Jan/38 - Third Party Advisory
References	~~() https://support.apple.com/kb/HT214058 -~~	() https://support.apple.com/kb/HT214058 - Third Party Advisory
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/ -~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/ - Mailing List
References	~~(MISC) http://seclists.org/fulldisclosure/2023/Oct/17 -~~	(MISC) http://seclists.org/fulldisclosure/2023/Oct/17 - Third Party Advisory
References	~~() https://support.apple.com/kb/HT214057 -~~	() https://support.apple.com/kb/HT214057 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/34 -~~	() http://seclists.org/fulldisclosure/2024/Jan/34 - Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jan/37 -~~	() http://seclists.org/fulldisclosure/2024/Jan/37 - Third Party Advisory
References	~~(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/ -~~	(MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/ - Mailing List
References	~~() https://www.insyde.com/security-pledge/SA-2023064 -~~	() https://www.insyde.com/security-pledge/SA-2023064 - Third Party Advisory
References	~~() https://support.apple.com/kb/HT214063 -~~	() https://support.apple.com/kb/HT214063 - Third Party Advisory
References	~~(MISC) https://security.netapp.com/advisory/ntap-20231013-0005/ -~~	(MISC) https://security.netapp.com/advisory/ntap-20231013-0005/ - Third Party Advisory
References	~~() https://support.apple.com/kb/HT214036 -~~	() https://support.apple.com/kb/HT214036 - Third Party Advisory
References	~~(MISC) https://security.gentoo.org/glsa/202310-12 -~~	(MISC) https://security.gentoo.org/glsa/202310-12 - Third Party Advisory
CPE		cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::*

26 Jan 2024, 17:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jan/38 - () http://seclists.org/fulldisclosure/2024/Jan/34 - () http://seclists.org/fulldisclosure/2024/Jan/37 -

23 Jan 2024, 14:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214036 -

22 Jan 2024, 19:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214057 - () https://support.apple.com/kb/HT214058 - () https://support.apple.com/kb/HT214063 -

12 Dec 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-15 04:15

Updated : 2024-11-21 08:12

NVD link : CVE-2023-38039

Mitre link : CVE-2023-38039

CVE.ORG link : CVE-2023-38039

JSON object : View

Products Affected

microsoft

windows_10_21h2
windows_server_2019
windows_server_2022
windows_10_1809
windows_11_21h2
windows_10_22h2
windows_11_23h2
windows_11_22h2

fedoraproject

fedora

haxx

curl

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2023-38039", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-15T04:15:10.127", "references": [{"url": "http://seclists.org/fulldisclosure/2023/Oct/17", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/34", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/37", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/38", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/2072338", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/", "tags": ["Mailing List"], "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/", "tags": ["Mailing List"], "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "tags": ["Mailing List"], "source": "support@hackerone.com"}, {"url": "https://security.gentoo.org/glsa/202310-12", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20231013-0005/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://support.apple.com/kb/HT214036", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://support.apple.com/kb/HT214057", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://support.apple.com/kb/HT214058", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://support.apple.com/kb/HT214063", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.insyde.com/security-pledge/SA-2023064", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://seclists.org/fulldisclosure/2023/Oct/17", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/34", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/37", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Jan/38", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2072338", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202310-12", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20231013-0005/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214036", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214057", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214058", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT214063", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.insyde.com/security-pledge/SA-2023064", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory."}, {"lang": "es", "value": "Cuando curl recupera una respuesta HTTP, almacena los encabezados entrantes para que se pueda acceder a ellos m\u00e1s tarde a trav\u00e9s de la API de encabezados libcurl. Sin embargo, curl no ten\u00eda un l\u00edmite en cuanto a la cantidad o el tama\u00f1o de encabezados que aceptar\u00eda en una respuesta, lo que permit\u00eda que un servidor malicioso transmitiera una serie interminable de encabezados y, finalmente, provocara que curl se quedara sin memoria din\u00e1mica."}], "lastModified": "2024-11-21T08:12:43.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB4B1B0E-7087-4220-A58A-D084F7325B66", "versionEndExcluding": "8.3.0", "versionStartIncluding": "7.84.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B89EC5-12A3-457B-A297-B525FA447BA1", "versionEndExcluding": "10.0.17763.5122"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3286F3A-3F82-4433-AC77-F4907D3B1650", "versionEndExcluding": "10.0.19044.3693"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85ABCA53-40C8-452B-8D2F-7AAF3624DCD4", "versionEndExcluding": "10.0.19045.3693"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BCCEFB5-50CD-4D8A-B4A8-16B357367487", "versionEndExcluding": "10.0.22000.2600"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "656DB244-CD92-4288-A4CD-76ED0492D65C", "versionEndExcluding": "10.0.22621.2715"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC26CE6D-0DFD-4642-A806-2A312888A451", "versionEndExcluding": "10.0.22631.2715"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "940B3D77-2D2E-41F3-8450-27AF8BB17F18", "versionEndExcluding": "10.0.17763.5122"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB96325-BCC0-4C49-AF2A-A12C5CE1D818", "versionEndExcluding": "10.0.20348.2113"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}

7.5 /10