CVE-2023-38546
Public on 2023-10-11
Modified on 2024-02-07
Description
An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curl_easy_duphandle(), is used to duplicate the easy_handle associated with a transfer. If a duplicated transfer's easy_handle has cookies enabled when it is duplicated, the cookie-enabled state is cloned but the actual cookies are not. If the source easy_handle didn't read cookies from disk, the cloned easy_handle will attempt to read cookies from a file named 'none' in the local directory, potentially allowing arbitrary cookies to be loaded.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | curl | Pending Fix | ||
| Amazon Linux 2 - Core | curl | 2023-10-10 | ALAS2-2023-2287 | Fixed |
| Amazon Linux 2023 | curl | 2023-10-10 | ALAS2023-2023-377 | Fixed |
| Amazon Linux 2 - Ecs Extra | ecs-service-connect-agent | 2023-10-31 | ALAS2ECS-2023-016 | Fixed |
| Amazon Linux 2023 | ecs-service-connect-agent | 2023-10-30 | ALAS2023-2023-420 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
| NVD | CVSSv3 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |