{"id":"CURL-CVE-2023-46218","summary":"cookie mixed case PSL bypass","details":"This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a\nlowercase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL\ndomain.","aliases":["CVE-2023-46218"],"modified":"2024-01-25T02:42:52.458434Z","published":"2023-12-06T08:00:00Z","database_specific":{"URL":"https://curl.se/docs/CVE-2023-46218.json","severity":"Medium","www":"https://curl.se/docs/CVE-2023-46218.html","issue":"https://hackerone.com/reports/2212193","affects":"both","last_affected":"8.4.0","award":{"amount":"2540","currency":"USD"},"package":"curl","CWE":{"id":"CWE-201","desc":"Information Exposure Through Sent Data"}},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.46.0"},{"fixed":"8.5.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"e77b5b7453c1e8ccd7ec0816890d98e2f392e465"},{"fixed":"2b0994c29a721c91c572cff7808c572a24d251eb"}]}],"versions":["8.4.0","8.3.0","8.2.1","8.2.0","8.1.2","8.1.1","8.1.0","8.0.1","8.0.0","7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0"],"database_specific":{"vanir_signatures":[{"id":"CURL-CVE-2023-46218-04099297","signature_type":"Function","signature_version":"v1","target":{"file":"lib/cookie.c","function":"Curl_cookie_add"},"digest":{"length":10170,"function_hash":"138260655856239098081716053511788377221"},"source":"https://github.com/curl/curl.git/commit/2b0994c29a721c91c572cff7808c572a24d251eb","deprecated":false},{"id":"CURL-CVE-2023-46218-640d5c49","signature_type":"Line","signature_version":"v1","target":{"file":"lib/cookie.c"},"digest":{"line_hashes":["70157023922273088324427000884924629680","92437533074026318023754548512791708265","174781051971824864692061611806535615933","317717153087227730924384644852634401824","320223818076096336606365255275427779195","147452772515304361370177013713828761412","163503535934513669771314972304392725527","231785432830425780566036868222861730032","286735239701402540127725202216210978251","193259407853272010415575233417515494247","49884205652123128562972741131269080654"],"threshold":0.9},"source":"https://github.com/curl/curl.git/commit/2b0994c29a721c91c572cff7808c572a24d251eb","deprecated":false}],"source":"https://curl.se/docs/CURL-CVE-2023-46218.json"}}],"schema_version":"1.7.3","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}