Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-23916HistoryFeb 23, 2023 - 8:15 p.m.
CVE-2023-23916
2023-02-2320:15:13
Debian Security Bug Tracker
security-tracker.debian.org
24
0.001 Low
EPSS
Percentile
43.6%
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the โchainedโ HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable โlinksโ in this โdecompression chainโ wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a โmalloc bombโ, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | <ย 7.88.1-1 | curl_7.88.1-1_all.deb |
| Debian | 11 | all | curl | <ย 7.74.0-1.3+deb11u7 | curl_7.74.0-1.3+deb11u7_all.deb |
| Debian | 10 | all | curl | <ย 7.64.0-4+deb10u5 | curl_7.64.0-4+deb10u5_all.deb |
| Debian | 999 | all | curl | <ย 7.88.1-1 | curl_7.88.1-1_all.deb |
| Debian | 13 | all | curl | <ย 7.88.1-1 | curl_7.88.1-1_all.deb |
Related
nessus
nessus
RHEL 8 : curl (RHSA-2023:1140)
2023-03-09 00:00:00
Debian DLA-3341-1 : curl - LTS security update
2023-02-24 00:00:00
CentOS 9 : curl-7.76.1-23.el9
2024-02-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-23916 affecting package mysql for versions less than 8.0.33-1
2023-05-03 16:24:32
CVE-2023-23916 affecting package curl for versions less than 7.88.1-1
2023-03-24 23:55:40
CVE-2023-23916 affecting package curl 7.86.0-3
2023-04-07 04:59:06
osv
osv
Moderate: curl security update
2023-03-08 16:37:30
Moderate: curl security update
2023-04-11 00:00:00
CVE-2023-23916
2023-02-23 20:15:13
prion
prion
Design/Logic Flaw
2023-02-23 20:15:00
rocky
rocky
curl security update
2023-03-08 16:37:30
redhat
redhat
(RHSA-2023:1140) Moderate: curl security update
2023-03-07 13:28:28
(RHSA-2023:1842) Moderate: curl security update
2023-04-18 16:09:24
(RHSA-2023:1701) Moderate: curl security update
2023-04-11 13:44:27
cve
cve
CVE-2023-23916
2023-02-23 20:15:13
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in cURL libcur ( CVE-2023-23916)
2023-06-28 20:13:51
Security Bulletin: Vulnerability in cURL libcurl affects IBM Process Mining . CVE-2023-23916
2023-05-05 14:55:22
Security Bulletin: A vulnerability in libcURL affect IBM Rational ClearCase.
2023-10-03 14:06:51
redhatcve
redhatcve
CVE-2023-23916
2023-02-17 11:57:23
almalinux
almalinux
Moderate: curl security update
2023-03-07 00:00:00
Moderate: curl security update
2023-04-11 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0425-1)
2023-02-16 00:00:00
Mageia: Security Advisory (MGASA-2023-0054)
2023-03-28 00:00:00
Fedora: Security Advisory for curl (FEDORA-2023-94df30cbec)
2023-03-01 00:00:00
ubuntucve
ubuntucve
CVE-2023-23916
2023-02-15 00:00:00
oraclelinux
oraclelinux
curl security update
2023-04-11 00:00:00
curl security update
2023-03-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-02-18 05:23:01
cvelist
cvelist
CVE-2023-23916
2023-02-23 00:00:00
alpinelinux
alpinelinux
CVE-2023-23916
2023-02-23 20:15:13
mageia
mageia
Updated curl packages fix security vulnerability
2023-02-21 00:25:36
fedora
fedora
[SECURITY] Fedora 36 Update: curl-7.82.0-13.fc36
2023-02-28 02:02:43
[SECURITY] Fedora 37 Update: curl-7.85.0-6.fc37
2023-02-19 01:39:34
hackerone
hackerone
Internet Bug Bounty: HTTP multi-header compression denial of service
2023-02-24 15:01:59
curl: CVE-2023-23916: HTTP multi-header compression denial of service
2023-01-08 12:34:31
debian
debian
[SECURITY] [DSA 5365-1] curl security update
2023-02-27 22:00:09
freebsd
freebsd
curl -- multiple vulnerabilities
2023-02-15 00:00:00
amazon
amazon
Medium: curl
2023-04-13 19:01:00
Medium: curl
2023-03-02 22:36:00
slackware
slackware
[slackware-security] curl
2023-02-15 19:51:33
cloudfoundry
cloudfoundry
USN-5891-1: curl vulnerabilities | Cloud Foundry
2023-04-20 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2221
2023-08-22 13:21:47
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0350
2023-03-07 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0545
2023-03-07 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
ics
ics
Hitachi Energy MSM
2023-05-09 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
aix
aix
Multiple vulnerabilities cURL libcurl affect AIX
2023-06-29 09:35:59
gentoo
gentoo
curl: Multiple Vulnerabilities
2023-10-11 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00