VDB
CVE-2023-32001
CVE-2023-32001
PUBLISHED
Es besteht eine Schwachstelle in libcurl. Dieser Fehler besteht aufgrund einer Time-of-Check-to-Time-of-Use (TOCTOU) Race Condition. Ein Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
EPSS 0.04% · 15.5th percentile
Risk Scores
EPSS Score
0.04%
15.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Fedora | Fedora Linux | |
| Open Source | Open Source libcurl >= 7.84.0 | |
| Gentoo | Gentoo Linux | |
| Open Source | Open Source libcurl <= 8.1.2 | |
| Insyde | Insyde UEFI Firmware < OPF RV 23.08 | |
| Meinberg | Meinberg LANTIME < 7.08.004 | |
| Insyde | Insyde UEFI Firmware < SPF RV 23.11 | |
| Debian | Debian Linux | |
| SUSE | SUSE Linux |
Exploit Intelligence
- [curl] CVE-2023-32001: fopen race condition (hackerone)
- CVE-2023-32001: fopen race condition (hackerone)
- [curl] CVE-2023-32001: fopen race condition (hackerone)
- CVE-2023-32001: fopen race condition (hackerone)
- [curl] CVE-2023-32001: fopen race condition (hackerone)
- CVE-2023-32001: fopen race condition (hackerone)
- https://hackerone.com/reports/2039870 (gitlab)
Timeline
- CVE Published
- Jul 25, 2023 PoC Published
- Jul 27, 2023 EPSS Score
- Jul 27, 2023 PoC Published
- Aug 14, 2023 EPSS Score
- Sep 1, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 8, 2023 EPSS Score
- Oct 26, 2023 EPSS Score
- Nov 13, 2023 EPSS Score
- Feb 8, 2024 EPSS Score
- Feb 27, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1789.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1789 advisory
- https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-05-lantime-firmware-version-7-08-004.htm advisory
- https://security.gentoo.org/glsa/202310-12 advisory
- https://www.insyde.com/security-pledge/SA-2023058 advisory
- https://ubuntu.com/security/notices/USN-6237-3 advisory
- https://lists.debian.org/debian-security-announce/2023/msg00152.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-July/015581.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-July/015583.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-189272bcce advisory
- https://ubuntu.com/security/notices/USN-6237-1 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-July/015530.html advisory
- https://ubuntu.com/security/notices/USN-6237-2 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-July/015534.html advisory
- https://github.com/curl/curl/commit/0c667188e0c6cda615a0 advisory
- https://curl.se/docs/CVE-2023-32001.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2101.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2101 advisory
- https://kunde.genua.de/nc/suche/view/neuer-patch-genucenter-80p6-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content advisory