ALPINE-CVE-2023-46219

ALPINE-CVE-2023-46219 PUBLISHED CVSS 5.300000190734863 MEDIUM

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.18	curl	7.55.0-r0, 7.54.1-r0, 7.54.0-r0
Alpine:v3.20	curl	7.55.1-r0, 7.55.0-r0, 7.54.0-r0
Alpine:v3.16	curl	7.50.1-r0, 7.52.1-r1, 7.52.1-r0
Alpine:v3.21	curl	7.59.0-r1, 7.59.0-r0, 7.58.0-r2
Alpine:v3.15	curl	7.19.2-r0, 7.19.2-r1, 7.19.4-r0
Alpine:v3.17	curl	7.53.0-r0, 0, 7.19.2-r0
Alpine:v3.23	curl	8.2.0-r1, 8.2.0-r0, 8.1.2-r0
Alpine:v3.22	curl	8.4.0-r0, 7.39.0-r0, 0
Alpine:v3.19	curl	8.4.0-r0, 8.3.0-r1, 8.3.0-r0

Timeline

Dec 12, 2023 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2023-46219 advisory

Open in Interactive Console →