Описание
When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of
the HSTS status they should otherwise use.
A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | curl | Not affected | ||
| Red Hat Enterprise Linux 7 | curl | Not affected | ||
| Red Hat Enterprise Linux 8 | curl | Not affected | ||
| Red Hat Enterprise Linux 9 | curl | Not affected | ||
| Red Hat Satellite 6 | puppet-agent | Affected | ||
| JBoss Core Services for RHEL 8 | jbcs-httpd24-curl | Fixed | RHSA-2024:1316 | 18.03.2024 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-curl | Fixed | RHSA-2024:1316 | 18.03.2024 |
| Text-Only JBCS | curl | Fixed | RHSA-2024:1317 | 18.03.2024 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
When saving HSTS data to an excessively long file name, curl could end ...
5.3 Medium
CVSS3