CVE-2023-46219
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 0.14%
Description
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
How to fix CVE-2023-46219
To remediate CVE-2023-46219, upgrade the affected package to a fixed version below.
- Alpine/curl—upgrade to 8.5.0-r0 or later
- Debian/curl—no fix listed
Is CVE-2023-46219 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Alpine/curl: from 0, < 8.5.0-r0
- Debian/curl: from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |