CVE-2023-38546

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 18, 2023
Updated: Jul 9, 2024

Summary

CVE-2023-38546 is a vulnerability affecting libcurl's cookie handling. When an easy handle, which is an individual transfer handle, is cloned using the curl_easy_duphandle function, the cookie-enable state is copied but not the actual cookies. If the source handle did not load cookies from a file on disk, the cloned handle inadvertently loads cookies from a file named "none" in the current directory if it exists and is readable. This issue allows attackers to insert cookies into running programs using libcurl, potentially leading to unintended data access or hijacking.
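A defender-side check for the condition described above, as an added example that is not part of the original advisory or of libcurl: it reports whether a readable file named "none" sits in a given working directory and lists any cookies it holds in Netscape cookie-file format. The function names and the sample cookie lines are constructed for illustration.

```python
import os
import tempfile


def parse_cookie_lines(text):
    """Return (domain, name) pairs for lines in Netscape cookie-file format."""
    cookies = []
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):
            # This prefix marks an HttpOnly cookie; the line is not a comment.
            line = line[len("#HttpOnly_"):]
        elif line.startswith("#") or not line.strip():
            continue
        fields = line.split("\t")
        # domain, subdomain flag, path, secure, expiry, name, value
        if len(fields) == 7:
            cookies.append((fields[0], fields[5]))
    return cookies


def audit_working_dir(directory):
    """Check one directory for a readable regular file named 'none'."""
    path = os.path.join(directory, "none")
    if not os.path.isfile(path) or not os.access(path, os.R_OK):
        return {"path": path, "present": False, "cookies": []}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        cookies = parse_cookie_lines(fh.read())
    # The file's presence is the finding, even if no cookie lines parse.
    return {"path": path, "present": True, "cookies": cookies}


def demo():
    """Audit a clean directory and one holding a constructed 'none' file."""
    sample = (  # constructed sample data, not taken from a real incident
        "# Netscape HTTP Cookie File\n"
        "example.test\tFALSE\t/\tFALSE\t0\tsession\tconstructed-value\n"
        "#HttpOnly_.example.test\tTRUE\t/\tTRUE\t0\tauth\tconstructed-value\n"
    )
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as planted:
        with open(os.path.join(planted, "none"), "w", encoding="utf-8") as fh:
            fh.write(sample)
        return audit_working_dir(clean), audit_working_dir(planted)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run audit_working_dir against the directories from which services that link libcurl are started; any hit deserves a look at who created the file and when.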
