CVE-2023-38546

一、漏洞信息
 漏洞编号：[CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546)
 漏洞归属组件：[curl](https://gitee.com/src-openeuler/curl)
 漏洞归属的版本：7.71.1,7.77.0,7.78.0,7.79.1,7.86.0,7.88.1,8.1.2
 CVSS V2.0分值：
  BaseScore：0.0 Low
  Vector：CVSS：2.0/
 漏洞简述：
  This flaw allows an attacker to insert cookies at will into a running programusing libcurl, if the specific series of conditions are met.libcurl performs transfers. In its API, an application creates  easy handles that are the individual handles for single transfers.libcurl provides a function call that duplicates en easy handle called[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).If a transfer has cookies enabled when the handle is duplicated, thecookie-enable state is also cloned - but without cloning the actualcookies. If the source handle did not read any cookies from a specific file ondisk, the cloned version of the handle would instead store the file name as`none` (using the four ASCII letters, no quotes).Subsequent use of the cloned handle that does not explicitly set a source toload cookies from would then inadvertently load cookies from a file named`none` - if such a file exists and is readable in the current directory of theprogram using libcurl. And if using the correct file format of course.
 漏洞公开时间：2023-10-18 04:15:11
 漏洞创建时间：2023-10-10 10:07:24
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2023-38546
<details>
<summary>更多参考(点击展开)</summary>

无
</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
        libcurl在传输时会创建easy handle，并且提供了接口用于handle复制。如果传输时使能了cookie，handle在复制时cookie也会被复制，如果原handle未从磁盘文件读取cookie，复制的handle就会把文件名设置为none。复制handle在后续使用时如果没有显式指定cookie加载来源，并且使用libcurl的应用程序执行的当前目录中存在名为none的文件，并且可读，那么复制的handle就会无意地从该文件加载cookie，造成cookie注入。   
 openEuler评分：
  5.0
 Vector：CVSS：2.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(7.71.1):受影响
2.openEuler-20.03-LTS-SP3(7.71.1):受影响
3.openEuler-20.03-LTS-SP4:受影响
4.openEuler-22.03-LTS(7.79.1):受影响
5.openEuler-22.03-LTS-SP1(7.79.1):受影响
6.openEuler-22.03-LTS-SP2(7.79.1):受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(7.71.1):否
2.openEuler-20.03-LTS-SP3(7.71.1):否
3.openEuler-20.03-LTS-SP4:否
4.openEuler-22.03-LTS(7.79.1):否
5.openEuler-22.03-LTS-SP1(7.79.1):否
6.openEuler-22.03-LTS-SP2(7.79.1):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2023-1762

src-openEuler/curl
关闭

内容风险标识

评论 (7)

src-openEuler/curl关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-38546

评论 (7)

搜索帮助

src-openEuler/curl
关闭