CVE-2023-38039 | HackTesting

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.

References

https://hackerone.com/reports/2072338

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

https://security.gentoo.org/glsa/202310-12

https://security.netapp.com/advisory/ntap-20231013-0005/

http://seclists.org/fulldisclosure/2023/Oct/17

https://support.apple.com/kb/HT214036

https://www.insyde.com/security-pledge/SA-2023064

https://support.apple.com/kb/HT214063

https://support.apple.com/kb/HT214057

https://support.apple.com/kb/HT214058

http://seclists.org/fulldisclosure/2024/Jan/34

http://seclists.org/fulldisclosure/2024/Jan/37

http://seclists.org/fulldisclosure/2024/Jan/38