{"id":"CURL-CVE-2023-46219","summary":"HSTS long filename clears contents","details":"When saving HSTS data to an excessively long filename, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.","aliases":["CVE-2023-46219"],"modified":"2024-06-07T13:53:51Z","published":"2023-12-06T08:00:00Z","database_specific":{"severity":"Low","URL":"https://curl.se/docs/CVE-2023-46219.json","www":"https://curl.se/docs/CVE-2023-46219.html","last_affected":"8.4.0","issue":"https://hackerone.com/reports/2236133","CWE":{"id":"CWE-311","desc":"Missing Encryption of Sensitive Data"},"package":"curl","affects":"both","award":{"currency":"USD","amount":"540"}},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.84.0"},{"fixed":"8.5.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"20f9dd6bae50b7223171b17ba7798946e74f877f"},{"fixed":"73b65e94f3531179de45c6f3c836a610e3d0a846"}]}],"versions":["8.4.0","8.3.0","8.2.1","8.2.0","8.1.2","8.1.1","8.1.0","8.0.1","8.0.0","7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2023-46219.json","vanir_signatures":[{"digest":{"length":1181,"function_hash":"322521448480441824076349091693471863624"},"source":"https://github.com/curl/curl.git/commit/73b65e94f3531179de45c6f3c836a610e3d0a846","id":"CURL-CVE-2023-46219-345f4148","target":{"file":"lib/fopen.c","function":"Curl_fopen"},"deprecated":false,"signature_type":"Function","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["141771554961623801452922120631762225644","82787012570203242169153838112032331236","294693242851234537244736533753545159362","12424288094917010005575599408517436759","124428138736793990568618883161584762487","300507652766921692831964778527059029956","168911649268973449864992550166069421481","106900510572222239508388653374741936645","319267685858350145932267975915255711338","93967306247015248528650144731437315148","72963164035412696461093506355303529437","182001560438617645742021710878070899227","333765855877198845699797559849505697945","183889325021050708559981981758921351838","222364463068963623330822235027063156518","137965764669989750475839444417327880578","105094198410978040163287063016242362114","93579072356192464791921231798830910095","183150360300328616239417757634531496897","87531163363730378660501473877928006252","266430157886770284926444102501263520649","163315384743240797309299526992266223294","185289273960668621851294809427430254831","322027284671455959894357038395360261908","97553119457857174697571054867947585806","41556339523477586271285710666600171980","173229717581375388273969815577773595020","14957658089440140526234514041175034353"]},"source":"https://github.com/curl/curl.git/commit/73b65e94f3531179de45c6f3c836a610e3d0a846","id":"CURL-CVE-2023-46219-8fb0e127","target":{"file":"lib/fopen.c"},"deprecated":false,"signature_type":"Line","signature_version":"v1"}]}}],"schema_version":"1.7.3","credits":[{"name":"Maksymilian Arciemowicz","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}