CVE-2023-28319

Description

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.

How to fix CVE-2023-28319

To remediate CVE-2023-28319, upgrade the affected package to a fixed version below.

—upgrade to 8.1.0-r0 or later
—upgrade to 7.88.1-10 or later

Is CVE-2023-28319 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 8.1.0-r0
from 0, < 7.88.1-10

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (2)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2023-28319
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2023-28319