Memory Exhaustion Vulnerability in Curl by Haxx
CVE-2023-38039
7.5HIGH
Key Information:
Badges
👾 Exploit Exists🟣 EPSS 14%
What is CVE-2023-38039?
A vulnerability has been identified in Curl where the lack of limits on HTTP response headers permits a malicious server to send an endless series of headers. This can ultimately lead to exhaustion of heap memory resources in the application, potentially causing crashes or service interruptions. Users of Curl should review their configurations and apply the necessary updates to mitigate this risk.
Affected Version(s)
curl 8.3.0
curl 7.84.0
References
EPSS Score
14% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved