WID-SEC-W-2023-2335
PUBLISHED
cURL is client software that allows files to be exchanged over several protocols, such as HTTP or FTP.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | Linux | |
| Dell | NetWorker vProxy | < 19.10 |
| Red Hat | JBoss Core Services | 1 |
| Xerox | FreeFlow Print Server | v7 |
| Meinberg | LANTIME | < 7.08.004 |
| Gentoo | Linux | |
| Open Source | cURL | < 8.3.0 |
| Amazon | Linux 2 | |
| Dell | NetWorker vProxy | < 19.9.0.4 |
| Xerox | FreeFlow Print Server | v9 |
| Fedora | Linux | |
| Ubuntu | Linux | |
| IBM | Rational ClearCase | 9.1 |
| IBM | Rational ClearCase | 10.0.1 |
| Red Hat | JBoss Core Services | |
| IBM | MQ | |
| NetApp | Data ONTAP | 9 |
Exploit Intelligence
- CVE-2024-23222 WebKit type confusion → iOS 16.4.1 sandbox escape. Full chain: JSC JIT confusion → addrof/read64/write64 → WASM indirect call → arbitrary C functions → file write outside sandbox. (github-poc-repo, github-poc)
- Comprehensive deobfuscated research of the Coruna iOS exploit kit targeting CVE-2024-23222. Analysis of WebKit Type Confusion, PAC Bypass, and Sandbox Escape (github-poc-repo, github-poc)
- Adaptation of Cassowary CVE-2024-23222 for Linux x86_64 (github-poc-repo, github-poc)
- Analyze and deobfuscate the Coruna Exploit Kit (CVE-2024-23222) to enhance understanding and detection of related threats. (github-poc-repo, github-poc)
- https://alas.aws.amazon.com/AL2/ALAS-2023-2271.html (circl)
- https://ubuntu.com/security/notices/USN-6363-1 (circl)
…and 29 more exploits
Timeline
- Sep 12, 2023 CVE Published
- Mar 13, 2024 CVE Updated
- Apr 3, 2026 Distribution Patch
- Apr 3, 2026 Distribution Patch
- Apr 3, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2335.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2335 advisory
- https://curl.se/docs/CVE-2023-38039.html url
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-98dff7aae5 url
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-b1253907f1 url
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-43ef9f5376 url
- https://ubuntu.com/security/notices/USN-6363-1 url
- https://lists.suse.com/pipermail/sle-security-updates/2023-September/016229.html url
- https://lists.suse.com/pipermail/sle-security-updates/2023-September/016369.html url
- https://alas.aws.amazon.com/AL2/ALAS-2023-2271.html url
- https://security.gentoo.org/glsa/202310-12 url
- https://security.netapp.com/advisory/ntap-20231013-0005/ url
- https://de.tenable.com/security/tns-2023-34 url
- https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-05-lantime-firmware-version-7-08-004.htm url
- https://www.ibm.com/support/pages/node/7063646 url
- https://access.redhat.com/errata/RHSA-2023:7626 url
- https://access.redhat.com/errata/RHSA-2023:7625 url
- https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities url
- https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf url
- https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf url
…and 1 more