CVE-2023-32001

Related Files

Ubuntu Security Notice USN-6237-3

Posted Sep 12, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6237-3 - USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts.

tags | advisory, remote, spoof, vulnerability

systems | linux, ubuntu

advisories | CVE-2023-28321, CVE-2023-28322, CVE-2023-32001

SHA-256 | 4aab60fd32ca66bfe087d6a307e821248cd1fc2c9b55fb50ae6a43d6c19b5921

Download | Favorite | View

Debian Security Advisory 5460-1

Posted Jul 27, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5460-1 - It was discovered that Curl performed incorrect file path handling when saving cookies to files, which could lead to the creation or overwriting of files.

tags | advisory

systems | linux, debian

advisories | CVE-2023-32001

SHA-256 | 6e2f994d08396a20ab9a51c73c0d306c696b60020ddc145cb1423220ed1abd2b

Download | Favorite | View

Ubuntu Security Notice USN-6237-2

Posted Jul 20, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04.

tags | advisory, remote, denial of service, local, spoof, vulnerability, info disclosure

systems | linux, ubuntu

advisories | CVE-2023-28321, CVE-2023-28322, CVE-2023-32001

SHA-256 | e8dd9101762b6b8471b622e391d8e553d5793d3028a030db99705ea7fe07b3a9

Download | Favorite | View

Ubuntu Security Notice USN-6237-1

Posted Jul 19, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service.

tags | advisory, remote, denial of service, spoof, info disclosure

systems | linux, ubuntu

advisories | CVE-2023-28321, CVE-2023-28322, CVE-2023-32001

SHA-256 | 51f46d8ba4e11574eb483e508710565644dc207c352aed8e601c8ec28e6a4ba4

Download | Favorite | View