CVE-2023-28321

Published: May 26, 2023Modified: Jan 15, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.

Affected (13)

Products: Haxx: Curl · Debian: Debian Linux · Fedoraproject: Fedora · +2 more

Show all products

Haxx: Curl · Debian: Debian Linux · Fedoraproject: Fedora · Netapp: Clustered Data Ontap, Ontap Antivirus Connector, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · Apple: Macos

1 product

1 product

1 product

6 products

Clustered Data Ontap

Ontap Antivirus Connector

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Curl	Before 8.1.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions
Netapp Ontap Antivirus Connector	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration H

3 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	From 11.0 to 11.7.9
Apple Macos	From 12.0 to 12.6.8
Apple Macos	From 13.0 to 13.5

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (24)

http://seclists.org/fulldisclosure/2023/Jul/47

Source: support@hackerone.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Jul/48

Source: support@hackerone.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Jul/52

Source: support@hackerone.com

Mailing ListThird Party Advisory

https://hackerone.com/reports/1950627

Source: support@hackerone.com

ExploitPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

Source: support@hackerone.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

Source: support@hackerone.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

Source: support@hackerone.com

https://security.gentoo.org/glsa/202310-12

Source: support@hackerone.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230609-0009/

Source: support@hackerone.com

Third Party Advisory

https://support.apple.com/kb/HT213843

Source: support@hackerone.com

Third Party Advisory

https://support.apple.com/kb/HT213844

Source: support@hackerone.com

Third Party Advisory

https://support.apple.com/kb/HT213845

Source: support@hackerone.com

Third Party Advisory

http://seclists.org/fulldisclosure/2023/Jul/47

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Jul/48

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Jul/52

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://hackerone.com/reports/1950627

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202310-12

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230609-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT213843

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT213844

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT213845

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.