CVE-2023-28320

ADVISORY - nist

Summary

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm() and siglongjmp(). When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.

EPSS Score⁠: 0.00641 (0.697)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-362⁠

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-400⁠

Uncontrolled Resource Consumption

ADVISORY - redhat

CWE-662⁠

Improper Synchronization

Impacted images

Advisories

NIST

CREATED

2 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2023-28320⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-362⁠CWE-400⁠

CVSS SCORE

5.9medium

Alpine

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-28320⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-28320⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-28320⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.9low

Red Hat

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-28320⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

3.7low

intheWild

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-28320⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY