CVE-2023-38039
ADVISORY - nistSummary
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API.
However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
EPSS Score: 0.14467 (0.943)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Allocation of Resources Without Limits or Throttling
ADVISORY - redhat
Allocation of Resources Without Limits or Throttling
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-38039
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highAlpine
CREATED
UPDATED
ADVISORY IDCVE-2023-38039
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2023-38039
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-38039
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5mediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2023-2271
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2023-368
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-38039
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5mediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2023-38039
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5highintheWild
CREATED
UPDATED
ADVISORY IDCVE-2023-38039
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-