Vulnerability Details : CVE-2023-28319
Potential exploit
A use-after-free vulnerability exists in curl versions before 8.1.0 in the libcurl feature that verifies an SSH server's public key against a SHA-256 hash. When this check fails, libcurl frees the memory for the fingerprint before it returns an error message containing the (now freed) hash. As a result, sensitive heap-based data can end up in the error message, which might be shown to users or otherwise leaked.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-28319
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28319
- EPSS score: 0.25% (probability of exploitation activity in the next 30 days)
- Percentile: ~64% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-28319
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-15 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-28319
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by:
  - nvd@nist.gov (Primary)
  - support@hackerone.com (Secondary)
References for CVE-2023-28319
- https://hackerone.com/reports/1913733
  HackerOne (Exploit; Patch; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20230609-0009/
  May 2023 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://support.apple.com/kb/HT213845
  About the security content of macOS Big Sur 11.7.9 - Apple Support (Third Party Advisory)
- https://support.apple.com/kb/HT213844
  About the security content of macOS Monterey 12.6.8 - Apple Support (Third Party Advisory)
- http://seclists.org/fulldisclosure/2023/Jul/52
  Full Disclosure: APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9 (Mailing List; Third Party Advisory)
- https://security.gentoo.org/glsa/202310-12
  curl: Multiple Vulnerabilities (GLSA 202310-12), Gentoo security (Third Party Advisory)
- http://seclists.org/fulldisclosure/2023/Jul/48
  Full Disclosure: APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8 (Mailing List; Third Party Advisory)
- https://support.apple.com/kb/HT213843
  About the security content of macOS Ventura 13.5 - Apple Support (Third Party Advisory)
- http://seclists.org/fulldisclosure/2023/Jul/47
  Full Disclosure: APPLE-SA-2023-07-24-4 macOS Ventura 13.5 (Mailing List; Third Party Advisory)