Home > Vulnerability Database > CVE-2023-46219

Mend.io Vulnerability Database

CVE-2023-46219

Good to know:

Date: December 11, 2023

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

Language: C

Severity Score

5.3

Related Resources (9)

Url: https://hackerone.com/reports/2236133

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46219

Url: https://curl.se/docs/CVE-2023-46219.html

Url: https://security-tracker.debian.org/tracker/CVE-2023-46219

Url: https://github.com/curl/curl/commit/20f9dd6bae50b722

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/

Url: https://www.debian.org/security/2023/dsa-5587

Url: https://security.netapp.com/advisory/ntap-20240119-0007/

Url: https://www.mend.io/vulnerability-database/CVE-2023-46219

Severity Score

5.3

Weakness Type (CWE)

Missing Encryption of Sensitive Data

CWE-311

Top Fix

Upgrade Version

Upgrade to version curl-8_5_0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46219

Good to know:

Date: December 11, 2023

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?