Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2023-38546) (Multiple Advisories): curl security update

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Oracle Linux: (CVE-2023-38546) (Multiple Advisories): curl security update



This flaw allows an attacker to insert cookies at will into a running program

using libcurl, if the specific series of conditions are met.

libcurl performs transfers. In its API, an application creates "easy handles"

that are the individual handles for single transfers.

libcurl provides a function call that duplicates en easy handle called


If a transfer has cookies enabled when the handle is duplicated, the

cookie-enable state is also cloned - but without cloning the actual

cookies. If the source handle did not read any cookies from a specific file on

disk, the cloned version of the handle would instead store the file name as

`none` (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to

load cookies from would then inadvertently load cookies from a file named

`none` - if such a file exists and is readable in the current directory of the

program using libcurl. And if using the correct file format of course.


  • oracle-linux-upgrade-curl
  • oracle-linux-upgrade-curl-minimal
  • oracle-linux-upgrade-libcurl
  • oracle-linux-upgrade-libcurl-devel
  • oracle-linux-upgrade-libcurl-minimal

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center