CVE-2023-32001 Information
Jul 27, 2023
Description
libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called stat() followed by fopen() in a way that made it vulnerable to a TOCTOU (time-of-check to time-of-use) race condition.
By exploiting this flaw, an attacker could trick the victim into creating or overwriting protected files holding this data in ways that were not intended.
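The check-then-open shape described above, next to a descriptor-based alternative, as an added example: this is not libcurl's code or its actual fix, and the function names and the `cookies.txt` default are assumptions. `O_NOFOLLOW` only guards the final path component, so the containing directory still has to be one other users cannot write to.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy shape: stat() checks the path, fopen() resolves it again. The file
   can be replaced (for example by a symlink) in between, so the check and
   the write may hit different objects. */
FILE *open_racy(const char *path)
{
  struct stat sb;
  if(stat(path, &sb) == 0 && !S_ISREG(sb.st_mode))
    return NULL;
  return fopen(path, "w");
}

/* Race-free shape: resolve the path once, refuse a symlink in the final
   component, then inspect the object actually opened via its descriptor. */
FILE *open_checked(const char *path)
{
  struct stat sb;
  FILE *fp;
  int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
  if(fd < 0)
    return NULL;                     /* ELOOP here means "was a symlink" */
  if(fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode) ||
     ftruncate(fd, 0) != 0) {        /* truncate only after the check */
    close(fd);
    return NULL;
  }
  fp = fdopen(fd, "w");
  if(!fp)
    close(fd);
  return fp;
}

int main(int argc, char **argv)
{
  /* "cookies.txt" is a placeholder output name for this demo */
  FILE *fp = open_checked(argc > 1 ? argv[1] : "cookies.txt");
  if(!fp) {
    perror("open_checked");
    return 1;
  }
  fputs("# constructed sample data\n", fp);
  return fclose(fp) ? 1 : 0;
}
```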
Reference
https://hackerone.com/reports/2039870