Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 919889 (CVE-2023-46219)

Summary: <net-misc/curl-8.5.0: removes HSTS contents
Product: Gentoo Security Reporter: Christopher Fore <csfore>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: base-system, kangie
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://hackerone.com/reports/2236133
Whiteboard: A4 [stable?]
Package list:
Runtime testing required: ---

Description Christopher Fore 2023-12-14 15:28:37 UTC 
CVE-2023-46219 (https://hackerone.com/reports/2236133):

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.