Medium severity5.3NVD Advisory· Published Dec 12, 2023· Updated May 12, 2026
CVE-2023-46219
CVE-2023-46219
Description
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- osv-coords27 versionspkg:apk/chainguard/curlpkg:apk/chainguard/curl-devpkg:apk/chainguard/curl-docpkg:apk/chainguard/curl-oci-entrypointpkg:apk/chainguard/curl-staticpkg:apk/chainguard/libcurl4pkg:apk/chainguard/libcurl-openssl4pkg:apk/wolfi/curlpkg:apk/wolfi/curl-devpkg:apk/wolfi/curl-docpkg:apk/wolfi/curl-oci-entrypointpkg:apk/wolfi/curl-staticpkg:apk/wolfi/libcurl4pkg:apk/wolfi/libcurl-openssl4pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 8.5.0-r0+ 26 more
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.5.0-r0
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.5.0-1.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-150400.5.36.1
- (no CPE)range: < 8.0.1-11.80.1
- (no CPE)range: < 8.0.1-11.80.1
- (no CPE)range: < 8.0.1-11.80.1
Patches
Vulnerability mechanics
References
9- hackerone.com/reports/2236133nvdExploitThird Party Advisory
- curl.se/docs/CVE-2023-46219.htmlnvdVendor Advisory
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/nvdThird Party Advisory
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-093430.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-331112.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/nvd
- security.netapp.com/advisory/ntap-20240119-0007/nvd
- www.debian.org/security/2023/dsa-5587nvd
News mentions
0No linked articles in our index yet.