Vulnerability Details : CVE-2023-28321
An improper certificate validation vulnerability exists in curl before v8.1.0 in the way it matches wildcard patterns listed as "Subject Alternative Name" entries in TLS server certificates. curl can be built to use its own name-matching function for TLS rather than one provided by the TLS library. This private wildcard-matching function matched IDN (Internationalized Domain Name) hosts incorrectly and could, as a result, accept patterns that should not match. IDN hostnames are converted to punycode before they are used for certificate checks. Punycode names always start with `xn--` and should not be allowed to pattern-match, but the wildcard check in curl would still honour a pattern such as `x*`, which matched the `xn--` prefix even though the original IDN name most likely contained nothing resembling an `x`.
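The following is an added illustration of the matching logic described above; it is not curl's code and was not written by the curl project. `hostmatch_buggy` models a partial-wildcard matcher that only screens the pattern for an `xn--` prefix, so a certificate name `x*.example.com` is accepted for the A-label host `xn--4ca.example.com`. `hostmatch_fixed` models the hardened approach of honouring a wildcard only when it is the entire leftmost label (`*.`), which leaves partial wildcards as literal text. The function names, result macros and the sample host and SAN are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Result codes, constructed for this example. */
#define HOST_MATCH   1
#define HOST_NOMATCH 0

/* Case-insensitive compare of up to n bytes; presented identifiers and
   A-labels are ASCII, so tolower() on each byte is sufficient here. */
static int ci_ncmp(const char *a, const char *b, size_t n)
{
  for(size_t i = 0; i < n; i++) {
    int ca = tolower((unsigned char)a[i]), cb = tolower((unsigned char)b[i]);
    if(ca != cb) return ca - cb;
    if(!ca) return 0;           /* both strings ended together */
  }
  return 0;
}

static int ci_eq(const char *a, const char *b)
{
  return ci_ncmp(a, b, strlen(a) + 1) == 0;
}

/* A pattern needs at least two dots; "*.com" is too broad to accept. */
static int two_dots(const char *pattern)
{
  const char *first = strchr(pattern, '.');
  return first && strchr(first + 1, '.');
}

/* Model of the vulnerable behaviour: a '*' anywhere in the leftmost label
   is a partial wildcard, and only the PATTERN is checked for "xn--". The
   pattern "x*.example.com" passes that check and then matches any
   punycode label under example.com because every A-label starts with 'x'. */
int hostmatch_buggy(const char *hostname, const char *pattern)
{
  const char *wild = strchr(pattern, '*');
  const char *pattern_label_end, *hostname_label_end;
  size_t prefixlen, suffixlen;

  if(!wild)
    return ci_eq(pattern, hostname) ? HOST_MATCH : HOST_NOMATCH;

  pattern_label_end = strchr(pattern, '.');
  if(!two_dots(pattern) || wild > pattern_label_end ||
     ci_ncmp(pattern, "xn--", 4) == 0)
    return ci_eq(pattern, hostname) ? HOST_MATCH : HOST_NOMATCH;

  hostname_label_end = strchr(hostname, '.');
  if(!hostname_label_end || !ci_eq(pattern_label_end, hostname_label_end))
    return HOST_NOMATCH;

  /* the wildcard must consume at least one character */
  if(hostname_label_end - hostname < pattern_label_end - pattern)
    return HOST_NOMATCH;

  prefixlen = (size_t)(wild - pattern);
  suffixlen = (size_t)(pattern_label_end - (wild + 1));
  return ci_ncmp(pattern, hostname, prefixlen) == 0 &&
         ci_ncmp(wild + 1, hostname_label_end - suffixlen, suffixlen) == 0
         ? HOST_MATCH : HOST_NOMATCH;
}

/* Hardened model: a wildcard is honoured only when it is the whole leftmost
   label ("*.") of a pattern with at least two dots. "x*" is then compared
   literally and can never match an "xn--" label. */
int hostmatch_fixed(const char *hostname, const char *pattern)
{
  const char *hostname_label_end;

  if(strncmp(pattern, "*.", 2) != 0 || !two_dots(pattern))
    return ci_eq(pattern, hostname) ? HOST_MATCH : HOST_NOMATCH;

  hostname_label_end = strchr(hostname, '.');
  /* the wildcard must cover exactly one non-empty label */
  if(!hostname_label_end || hostname_label_end == hostname)
    return HOST_NOMATCH;
  return ci_eq(pattern + 1, hostname_label_end) ? HOST_MATCH : HOST_NOMATCH;
}

int main(void)
{
  /* constructed sample: the A-label for "ä.example.com" and a partial-wildcard SAN */
  const char *host = "xn--4ca.example.com";
  const char *san  = "x*.example.com";
  printf("buggy matcher: %d, fixed matcher: %d\n",
         hostmatch_buggy(host, san), hostmatch_fixed(host, san));
  return 0;
}
```

The buggy matcher is also what lets a single-character prefix act as a filter that every punycode label satisfies; the hardened matcher still accepts `*.example.com` for an A-label host, which is the behaviour the advisory leaves intact.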
Products affected by CVE-2023-28321
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*
- cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28321
EPSS score: 0.19% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~57% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2023-28321
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 | NIST |

The vector reads as network-reachable (AV:N) with high attack complexity (AC:H), requiring no privileges or user interaction (PR:N/UI:N), scope unchanged (S:U), and a high integrity impact with no confidentiality or availability impact (C:N/I:H/A:N): an attacker who can present a mis-issued or attacker-controlled certificate with a crafted wildcard SAN can impersonate an IDN host, but nothing in the vector credits data disclosure or denial of service.
CWE ids for CVE-2023-28321
- The product does not validate, or incorrectly validates, a certificate.
  Assigned by:
  - nvd@nist.gov (Primary)
  - support@hackerone.com (Secondary)
References for CVE-2023-28321
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
  [SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37 (package-announce, Fedora Mailing Lists) [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
  [SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38 (package-announce, Fedora Mailing Lists) [Mailing List; Third Party Advisory]
- https://hackerone.com/reports/1950627
  HackerOne report [Exploit; Patch; Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html
  [SECURITY] [DLA 3613-1] curl security update [Mailing List; Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20230609-0009/
  May 2023 cURL/libcURL Vulnerabilities in NetApp Products (NetApp Product Security) [Third Party Advisory]
- https://support.apple.com/kb/HT213845
  About the security content of macOS Big Sur 11.7.9 (Apple Support) [Third Party Advisory]
- https://support.apple.com/kb/HT213844
  About the security content of macOS Monterey 12.6.8 (Apple Support) [Third Party Advisory]
- http://seclists.org/fulldisclosure/2023/Jul/52
  Full Disclosure: APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9 [Mailing List; Third Party Advisory]
- https://security.gentoo.org/glsa/202310-12
  curl: Multiple Vulnerabilities (GLSA 202310-12), Gentoo security [Third Party Advisory]
- http://seclists.org/fulldisclosure/2023/Jul/48
  Full Disclosure: APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8 [Mailing List; Third Party Advisory]
- https://support.apple.com/kb/HT213843
  About the security content of macOS Ventura 13.5 (Apple Support) [Third Party Advisory]
- http://seclists.org/fulldisclosure/2023/Jul/47
  Full Disclosure: APPLE-SA-2023-07-24-4 macOS Ventura 13.5 [Mailing List; Third Party Advisory]