2179097 – (CVE-2023-27537) CVE-2023-27537 curl: HSTS double-free

Bug 2179097 (CVE-2023-27537) - CVE-2023-27537 curl: HSTS double-free

Summary: CVE-2023-27537 curl: HSTS double-free

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-27537
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2178228
TreeView+	depends on / blocked

Reported:	2023-03-16 16:01 UTC by Marian Rehak
Modified:	2023-04-03 17:54 UTC (History)
CC List:	16 users (show)
Fixed In Version:	curl 8.0.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-03-21 17:30:58 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2023-03-16 16:01:19 UTC

libcurl supports sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

INFO
----

This feature was not implemented to support sharing between threads. That is still left for future improvements. The fix for this issue is therefore a documentation update clarifying that sharing HSTS between threads is not expected to work.

Comment 1 Product Security DevOps Team 2023-03-21 17:30:56 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-27537

Note You need to log in before you can comment on or make changes to this bug.