CVE-2023-38546

CVE Details

Release Date:

2023-10-11

Description

This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.

See more information about CVE-2023-38546 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:	3.7	Base Metrics:	AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Access Vector:	Network	Attack Complexity:	High
Privileges Required:	None	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	Low	Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (curl)	ELSA-2024-1601	2024-04-03
Oracle Linux version 9 (curl)	ELSA-2023-5763	2023-10-18
Oracle Linux version 9 (curl)	ELSA-2023-6745	2023-11-16

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team