Vulnerability Report

CVE-2023-38546

Title: Haxx Libcurl

Other

Proof Of Concept

No public PoC currently indexed for CVE-2023-38546.

CWE Category NVD-CWE-noinfo

Published Date Oct 18, 2023

Modified Date May 12, 2026

Exploit Status Not Found

Score 3.7 CVSS v3.1

Exploit Probability (EPSS)

0.44%

Vulnerability Summary

CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.

Impacted Vendors

haxx 1

libcurl 1

Reference Links

http://seclists.org/fulldisclosure/2024/Jan/34 http://seclists.org/fulldisclosure/2024/Jan/37 http://seclists.org/fulldisclosure/2024/Jan/38 https://curl.se/docs/CVE-2023-38546.html https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868 https://lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/ https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214057 https://support.apple.com/kb/HT214058 https://support.apple.com/kb/HT214063 http://seclists.org/fulldisclosure/2024/Jan/34 http://seclists.org/fulldisclosure/2024/Jan/37 http://seclists.org/fulldisclosure/2024/Jan/38 https://curl.se/docs/CVE-2023-38546.html https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868 https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html https://lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/ https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214057 https://support.apple.com/kb/HT214058 https://support.apple.com/kb/HT214063

CVSS v3.1

Source Entity [email protected]

Severity LOW

3.7

Attack Vector

NETWORK

Complexity

HIGH

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-38546 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

May 12, 2026 MODIFIED

Vulnerability data updated via NVD.

November 04, 2025 MODIFIED

Vulnerability data or affected products updated.

October 18, 2023 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity HIGH

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Stack

No specific products linked.