[Debian] High CVE: CVE-2023-46218 curl: a mixed case flaw

Bug #2047316 reported by Yue Tao
Affects | Status | Importance | Assigned to | Milestone
StarlingX | Fix Released | High | Zhixiong Chi |

Bug Description

CVE-2023-46218: https://nvd.nist.gov/vuln/detail/CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

Base Score: High

Reference:

Package updates (Debian 11, amd64):
curl_7.74.0-1.3+deb11u10_amd64.deb ===> curl_7.74.0-1.3+deb11u11_amd64.deb
libcurl3-gnutls_7.74.0-1.3+deb11u10_amd64.deb ===> libcurl3-gnutls_7.74.0-1.3+deb11u11_amd64.deb
libcurl4_7.74.0-1.3+deb11u10_amd64.deb ===> libcurl4_7.74.0-1.3+deb11u11_amd64.deb
libcurl4-gnutls-dev_7.74.0-1.3+deb11u10_amd64.deb ===> libcurl4-gnutls-dev_7.74.0-1.3+deb11u11_amd64.deb
libcurl4-openssl-dev_7.74.0-1.3+deb11u10_amd64.deb ===> libcurl4-openssl-dev_7.74.0-1.3+deb11u11_amd64.deb
https://www.debian.org/security/2023/dsa-5587
https://www.tenable.com/plugins/nessus/187288
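The following is an added illustration of the mixed-case check described in the bug description above; it is not curl's code and not part of this bug report. It models the cookie-domain acceptance logic with a constructed Public Suffix List subset, a minimal Set-Cookie attribute parser, and two PSL lookups: one that compares the domain exactly as the server sent it (the pre-fix behaviour being modelled) and one that lower-cases it first (what the upstream fix does). All function names, the PSL subset and the sample headers are assumptions made for the example.

```python
"""Model of the curl cookie-domain / Public Suffix List check around
CVE-2023-46218. Added example, not curl's own code: the PSL subset, the
header parser and the function names are assumptions for illustration."""

# Constructed subset of the Public Suffix List (real entries, trimmed).
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "org.uk", "github.io"}


def _normalise(domain):
    # Strip the optional leading dot ("Domain=.co.uk") and any trailing dot.
    return domain.strip(".")


def is_public_suffix_vulnerable(domain):
    """Pre-fix behaviour (modelled): the domain is looked up exactly as the
    server sent it, so 'co.UK' does not match the PSL entry 'co.uk'."""
    return _normalise(domain) in PUBLIC_SUFFIXES


def is_public_suffix_fixed(domain):
    """Post-fix behaviour (modelled): lower-case before consulting the PSL,
    which is what the upstream fix does."""
    return _normalise(domain).lower() in PUBLIC_SUFFIXES


def domain_matches_host(domain, host):
    """RFC 6265 domain-match, which is case-insensitive. The same test is
    applied when deciding whether to *send* a stored cookie to a host."""
    d = _normalise(domain).lower()
    h = host.lower()
    return h == d or h.endswith("." + d)


def parse_set_cookie(header):
    """Parse 'name=value; Domain=...; Path=...' into (name, value, attrs)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), value, attrs


def accept_cookie(header, request_host, psl_check):
    """Decide whether a Set-Cookie header received from request_host is
    stored. Returns the effective cookie domain, or None if rejected."""
    _, _, attrs = parse_set_cookie(header)
    domain = attrs.get("domain")
    if not domain:
        return request_host  # host-only cookie: no Domain= attribute
    if not domain_matches_host(domain, request_host):
        return None  # a server may not scope a cookie outside its own host
    if psl_check(domain):
        return None  # refuse cookies scoped to a public suffix
    return domain


def cookie_would_be_sent(stored_domain, target_host):
    """Whether a cookie stored for stored_domain goes to target_host."""
    return domain_matches_host(stored_domain, target_host)


if __name__ == "__main__":
    # Constructed response header from curl.co.uk, using the advisory's case trick.
    hdr = "session=abc; Domain=co.UK; Path=/"
    for label, check in (("vulnerable", is_public_suffix_vulnerable),
                         ("fixed", is_public_suffix_fixed)):
        eff = accept_cookie(hdr, "curl.co.uk", check)
        leak = eff is not None and cookie_would_be_sent(eff, "bank.co.uk")
        print(f"{label}: stored with domain {eff!r}; sent to bank.co.uk: {leak}")
```

The asymmetry is the whole bug: the PSL lookup was case-sensitive while the domain-match used for storing and sending cookies is case-insensitive, so `Domain=co.UK` slips past the PSL check and is then matched against every `*.co.uk` host. Normalising case before the PSL lookup closes the gap; a plain `Domain=co.uk` is refused by both variants.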


Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/904421

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/904421
Committed: https://opendev.org/starlingx/tools/commit/fcf426cf154d8e9f9632a0dfe4bcde5c9ae93243
Submitter: "Zuul (22348)"
Branch: master

commit fcf426cf154d8e9f9632a0dfe4bcde5c9ae93243
Author: Zhixiong Chi <email address hidden>
Date: Sun Dec 24 22:39:15 2023 -0800

    curl: Upgrade to 7.74.0-1.3+deb11u11

    Upgrade subpackages curl|libcurl3-gnutls|libcurl4|libcurl4-gnutls-dev
    |libcurl4-openssl-dev to 7.74.0-1.3+deb11u11 to fix the CVE issue
    CVE-2023-46218.

    Refer to:
    https://www.debian.org/security/2023/dsa-5587
    https://www.tenable.com/plugins/nessus/187288
    https://nvd.nist.gov/vuln/detail/CVE-2023-46218

    TestPlan:
    PASS: downloader; build-pkgs; build-image
    PASS: Jenkins Installation

    Closes-Bug: 2047316

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: Idbb9e6767a7982207c7de7fc19fce890bc91f6da

Changed in starlingx:
status: In Progress → Fix Released