Home > Vulnerability Database > CVE-2023-32001

Mend.io Vulnerability Database

CVE-2023-32001

Good to know:

Date: July 26, 2023

libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called `stat()` followed by `fopen()` in a way that made it vulnerable to a TOCTOU race condition problem. By exploiting this flaw, an attacker could trick the victim to create or overwrite protected files holding this data in ways it was not intended to.

Language: C

Severity Score

5.0

Related Resources (6)

Url: https://www.debian.org/security/2023/dsa-5460

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGJ7POX4ATGERTSBFJPW2EQH4Z65PSZJ/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32001

Url: https://hackerone.com/reports/2039870

Url: https://security-tracker.debian.org/tracker/CVE-2023-32001

Url: https://www.mend.io/vulnerability-database/CVE-2023-32001

Severity Score

5.0

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

Top Fix

Upgrade Version

Upgrade to version libcurl - 8.2.0

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32001

Good to know:

Date: July 26, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?