CVE-2023-28321
Description
curl <8.1.0 improperly matches wildcard patterns in Subject Alternative Names for IDN hostnames, allowing certificate validation bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
curl <8.1.0 improperly matches wildcard patterns in Subject Alternative Names for IDN hostnames, allowing certificate validation bypass.
## Vulnerability curl versions prior to 8.1.0 contain an improper certificate validation vulnerability in the way they match wildcard patterns in TLS server certificates' Subject Alternative Names (SANs). Curl can be built to use its own name matching function instead of one from a TLS library. This private wildcard matching function mishandles International Domain Name (IDN) hosts: IDN hostnames are converted to punycode (starting with xn--), but the wildcard check can still match patterns like x*, which incorrectly accept certificates that should be rejected.
Exploitation
An attacker needs to obtain a TLS certificate with a crafted wildcard SAN that exploits the flawed matching logic. No special network position is required beyond the ability to serve the certificate during a TLS handshake. The attacker does not need authentication; the vulnerability is triggered automatically when curl connects to a server presenting the malicious certificate.
Impact
Successful exploitation allows an attacker to impersonate a legitimate IDN hostname, leading to potential man-in-the-middle attacks. The impact is information disclosure and compromise of trust in TLS connections, as the attacker's certificate is accepted for a domain it should not match.
Mitigation
The vulnerability is fixed in curl version 8.1.0. Users should upgrade to at least this version. For systems where upgrading is not immediately possible, consider using a TLS library that handles name matching correctly rather than relying on curl's private implementation. Apple's macOS updates referenced in support pages do not explicitly address this CVE; the fix is in curl itself.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
41- osv-coords39 versionspkg:rpm/almalinux/curlpkg:rpm/almalinux/curl-minimalpkg:rpm/almalinux/libcurlpkg:rpm/almalinux/libcurl-develpkg:rpm/almalinux/libcurl-minimalpkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/curl&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 7.76.1-23.el9_2.2+ 38 more
- (no CPE)range: < 7.76.1-23.el9_2.2
- (no CPE)range: < 7.76.1-23.el9_2.2
- (no CPE)range: < 7.76.1-23.el9_2.2
- (no CPE)range: < 7.76.1-23.el9_2.2
- (no CPE)range: < 7.76.1-23.el9_2.2
- (no CPE)range: < 8.0.1-150400.5.23.1
- (no CPE)range: < 8.0.1-150400.5.23.1
- (no CPE)range: < 8.0.1-150400.5.23.1
- (no CPE)range: < 8.1.0-1.1
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 8.0.1-150400.5.23.1
- (no CPE)range: < 8.0.1-150400.5.23.1
- (no CPE)range: < 8.0.1-150400.5.23.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.37.0-37.98.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 8.0.1-11.65.2
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 8.0.1-11.65.2
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 8.0.1-11.65.2
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.66.0-150200.4.57.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 7.60.0-4.56.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
12- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/mitrevendor-advisory
- security.gentoo.org/glsa/202310-12mitrevendor-advisory
- seclists.org/fulldisclosure/2023/Jul/47mitremailing-list
- seclists.org/fulldisclosure/2023/Jul/48mitremailing-list
- seclists.org/fulldisclosure/2023/Jul/52mitremailing-list
- lists.debian.org/debian-lts-announce/2023/10/msg00016.htmlmitremailing-list
- hackerone.com/reports/1950627mitre
- security.netapp.com/advisory/ntap-20230609-0009/mitre
- support.apple.com/kb/HT213843mitre
- support.apple.com/kb/HT213844mitre
- support.apple.com/kb/HT213845mitre
News mentions
0No linked articles in our index yet.