CVE-2023-28322: Infoleak
First published: Wed May 10 2023(Updated: )
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
Credit: CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 support@hackerone.com support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Haxx Curl | <8.1.0 | |
| ubuntu/curl | <8.1.0 | 8.1.0 |
| ubuntu/curl | <7.68.0-1ubuntu2.19 | 7.68.0-1ubuntu2.19 |
| ubuntu/curl | <7.81.0-1ubuntu1.11 | 7.81.0-1ubuntu1.11 |
| ubuntu/curl | <7.85.0-1ubuntu0.6 | 7.85.0-1ubuntu0.6 |
| ubuntu/curl | <7.88.1-8ubuntu2.1 | 7.88.1-8ubuntu2.1 |
| ubuntu/curl | <7.58.0-2ubuntu3.24+ | 7.58.0-2ubuntu3.24+ |
| ubuntu/curl | <7.35.0-1ubuntu2.20+ | 7.35.0-1ubuntu2.20+ |
| ubuntu/curl | <7.47.0-1ubuntu2.19+ | 7.47.0-1ubuntu2.19+ |
| ubuntu/curl | <7.88.1-10ubuntu1 | 7.88.1-10ubuntu1 |
| Apple macOS Ventura | <13.5 | 13.5 |
| Apple macOS Big Sur | <11.7.9 | 11.7.9 |
| Apple macOS Monterey | <12.6.8 | 12.6.8 |
| debian/curl | <=7.64.0-4+deb10u2 | 7.64.0-4+deb10u8 7.74.0-1.3+deb11u11 7.88.1-10+deb12u5 8.5.0-2 8.6.0-2 |
| redhat/curl | <8.1.0 | 8.1.0 |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Apple macOS | >=11.0<11.7.9 | |
| Apple macOS | >=12.0<12.6.8 | |
| Apple macOS | >=13.0<13.5 | |
| NetApp Clustered Data ONTAP | ||
| Netapp Ontap Antivirus Connector | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| IBM Storage Protect for Virtual Environments: Data Protection for VMware | <=8.1.0.0 - 8.1.22.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://hackerone.com/reports/1954658
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
- https://security.netapp.com/advisory/ntap-20230609-0009/
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- http://seclists.org/fulldisclosure/2023/Jul/52
- http://seclists.org/fulldisclosure/2023/Jul/48
- http://seclists.org/fulldisclosure/2023/Jul/47
- https://security.gentoo.org/glsa/202310-12
- https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/
- https://launchpad.net/bugs/cve/CVE-2023-28322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
- https://curl.se/docs/CVE-2023-28322.html
- https://ubuntu.com/security/notices/USN-6237-1
- https://ubuntu.com/security/notices/USN-6237-3
- https://nvd.nist.gov/vuln/detail/CVE-2023-28322
- https://security-tracker.debian.org/tracker/CVE-2023-28322
- https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de
- https://ubuntu.com/security/CVE-2023-28322
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213844 (Advisory)
- https://github.com/curl/curl/commit/546572da0457f37c698c02d0a08d90fdfcbeedec
- https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de6c5e61272c496b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2209338
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2209339
- https://access.redhat.com/security/cve/CVE-2023-28322
- https://access.redhat.com/errata/RHSA-2023:4354
- https://access.redhat.com/errata/RHSA-2023:4628
- https://access.redhat.com/errata/RHSA-2023:4629
- https://access.redhat.com/errata/RHSA-2023:5598
- https://access.redhat.com/errata/RHSA-2024:0428
- https://access.redhat.com/errata/RHSA-2024:0585
- https://access.redhat.com/errata/RHSA-2024:1601
- https://bugzilla.redhat.com/show_bug.cgi?id=2196793
- https://exchange.xforce.ibmcloud.com/vulnerabilities/255626
- https://www.ibm.com/support/pages/node/7157929 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-34425
- CVE-2023-38580
- CVE-2023-36862
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-42828
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-32416
- CVE-2023-40437
- CVE-2023-32418
- CVE-2023-36854
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-36495
- CVE-2023-37285
- CVE-2023-38604
- CVE-2023-32734
- CVE-2023-32441
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38410
- CVE-2023-38606
- CVE-2023-38603
- CVE-2023-38565
- CVE-2023-38593
- CVE-2023-40440
- CVE-2023-38258
- CVE-2023-38421
- CVE-2023-1916
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38609
- CVE-2023-38259
- CVE-2023-38564
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32442
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-32654
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-38608
- CVE-2023-38605
- CVE-2023-40397
- CVE-2023-38572
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38597
- CVE-2023-38133
- CVE-2023-40442
- CVE-2023-41990
- CVE-2023-32422
Frequently Asked Questions
What is CVE-2023-28322?
CVE-2023-28322 is a vulnerability in curl that allows for information disclosure during HTTP(S) transfers.
How severe is CVE-2023-28322?
CVE-2023-28322 has a severity rating of critical (9 out of 10).
Which software versions are affected by CVE-2023-28322?
curl versions up to and exclusive of 8.1.0 are affected by CVE-2023-28322.
How can I fix CVE-2023-28322?
To fix CVE-2023-28322, update curl to version 8.1.0 or later.
Where can I find more information about CVE-2023-28322?
You can find more information about CVE-2023-28322 on the following references: [HackerOne report](https://hackerone.com/reports/1954658), [Fedora package announcement](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/)
- collector/nvd-latest
- vendor/haxx
- vendor/curl
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/author
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- collector/apple-support
- source/Apple
- alias/CVE-2023-28320
- alias/CVE-2023-28321
- alias/CVE-2023-28322
- agent/software-canonical-lookup-request
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/nvd-api
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/references
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- canonical/haxx curl
- package-manager/ubuntu
- vendor/apple
- canonical/apple macos ventura
- canonical/apple macos big sur
- canonical/apple macos monterey
- package-manager/debian
- package-manager/redhat
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- canonical/apple macos
- version/apple macos/11.0
- version/apple macos/12.0
- version/apple macos/13.0
- vendor/netapp
- canonical/netapp clustered data ontap
- canonical/netapp ontap antivirus connector
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- vendor/ibm
- canonical/ibm storage protect for virtual environments: data protection for vmware
- version/ibm storage protect for virtual environments: data protection for vmware/8.1.0.0 - 8.1.22.0