Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.8%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-46218
  • Haxx » Curl » Version: 7.46.0
    cpe:2.3:a:haxx:curl:7.46.0
  • Haxx » Curl » Version: 7.47.0
    cpe:2.3:a:haxx:curl:7.47.0
  • Haxx » Curl » Version: 7.47.1
    cpe:2.3:a:haxx:curl:7.47.1
  • Haxx » Curl » Version: 7.48.0
    cpe:2.3:a:haxx:curl:7.48.0
  • Haxx » Curl » Version: 7.49.0
    cpe:2.3:a:haxx:curl:7.49.0
  • Haxx » Curl » Version: 7.49.1
    cpe:2.3:a:haxx:curl:7.49.1
  • Haxx » Curl » Version: 7.50.0
    cpe:2.3:a:haxx:curl:7.50.0
  • Haxx » Curl » Version: 7.50.1
    cpe:2.3:a:haxx:curl:7.50.1
  • Haxx » Curl » Version: 7.50.2
    cpe:2.3:a:haxx:curl:7.50.2
  • Haxx » Curl » Version: 7.50.3
    cpe:2.3:a:haxx:curl:7.50.3
  • Haxx » Curl » Version: 7.51.0
    cpe:2.3:a:haxx:curl:7.51.0
  • Haxx » Curl » Version: 7.52.0
    cpe:2.3:a:haxx:curl:7.52.0
  • Haxx » Curl » Version: 7.52.1
    cpe:2.3:a:haxx:curl:7.52.1
  • Haxx » Curl » Version: 7.53.0
    cpe:2.3:a:haxx:curl:7.53.0
  • Haxx » Curl » Version: 7.53.1
    cpe:2.3:a:haxx:curl:7.53.1
  • Haxx » Curl » Version: 7.54.0
    cpe:2.3:a:haxx:curl:7.54.0
  • Haxx » Curl » Version: 7.54.1
    cpe:2.3:a:haxx:curl:7.54.1
  • Haxx » Curl » Version: 7.55.0
    cpe:2.3:a:haxx:curl:7.55.0
  • Haxx » Curl » Version: 7.55.1
    cpe:2.3:a:haxx:curl:7.55.1
  • Haxx » Curl » Version: 7.56.0
    cpe:2.3:a:haxx:curl:7.56.0
  • Haxx » Curl » Version: 7.56.1
    cpe:2.3:a:haxx:curl:7.56.1
  • Haxx » Curl » Version: 7.57.0
    cpe:2.3:a:haxx:curl:7.57.0
  • Haxx » Curl » Version: 7.58.0
    cpe:2.3:a:haxx:curl:7.58.0
  • Haxx » Curl » Version: 7.59.0
    cpe:2.3:a:haxx:curl:7.59.0
  • Haxx » Curl » Version: 7.60.0
    cpe:2.3:a:haxx:curl:7.60.0
  • Haxx » Curl » Version: 7.61.0
    cpe:2.3:a:haxx:curl:7.61.0
  • Haxx » Curl » Version: 7.61.1
    cpe:2.3:a:haxx:curl:7.61.1
  • Haxx » Curl » Version: 7.62.0
    cpe:2.3:a:haxx:curl:7.62.0
  • Haxx » Curl » Version: 7.63.0
    cpe:2.3:a:haxx:curl:7.63.0
  • Haxx » Curl » Version: 7.64.0
    cpe:2.3:a:haxx:curl:7.64.0
  • Haxx » Curl » Version: 7.64.1
    cpe:2.3:a:haxx:curl:7.64.1
  • Haxx » Curl » Version: 7.65.0
    cpe:2.3:a:haxx:curl:7.65.0
  • Haxx » Curl » Version: 7.65.1
    cpe:2.3:a:haxx:curl:7.65.1
  • Haxx » Curl » Version: 7.65.2
    cpe:2.3:a:haxx:curl:7.65.2
  • Haxx » Curl » Version: 7.65.3
    cpe:2.3:a:haxx:curl:7.65.3
  • Haxx » Curl » Version: 7.66.0
    cpe:2.3:a:haxx:curl:7.66.0
  • Haxx » Curl » Version: 7.67.0
    cpe:2.3:a:haxx:curl:7.67.0
  • Haxx » Curl » Version: 7.68.0
    cpe:2.3:a:haxx:curl:7.68.0
  • Haxx » Curl » Version: 7.69.0
    cpe:2.3:a:haxx:curl:7.69.0
  • Haxx » Curl » Version: 7.69.1
    cpe:2.3:a:haxx:curl:7.69.1
  • Haxx » Curl » Version: 7.70.0
    cpe:2.3:a:haxx:curl:7.70.0
  • Haxx » Curl » Version: 7.71.0
    cpe:2.3:a:haxx:curl:7.71.0
  • Haxx » Curl » Version: 7.71.1
    cpe:2.3:a:haxx:curl:7.71.1
  • Haxx » Curl » Version: 7.72.0
    cpe:2.3:a:haxx:curl:7.72.0
  • Haxx » Curl » Version: 7.73.0
    cpe:2.3:a:haxx:curl:7.73.0
  • Haxx » Curl » Version: 7.74.0
    cpe:2.3:a:haxx:curl:7.74.0
  • Haxx » Curl » Version: 7.75.0
    cpe:2.3:a:haxx:curl:7.75.0
  • Haxx » Curl » Version: 7.76.0
    cpe:2.3:a:haxx:curl:7.76.0
  • Haxx » Curl » Version: 7.76.1
    cpe:2.3:a:haxx:curl:7.76.1
  • Haxx » Curl » Version: 7.77.0
    cpe:2.3:a:haxx:curl:7.77.0
  • Haxx » Curl » Version: 7.78.0
    cpe:2.3:a:haxx:curl:7.78.0
  • Haxx » Curl » Version: 7.79.0
    cpe:2.3:a:haxx:curl:7.79.0
  • Haxx » Curl » Version: 7.79.1
    cpe:2.3:a:haxx:curl:7.79.1
  • Haxx » Curl » Version: 7.80.0
    cpe:2.3:a:haxx:curl:7.80.0
  • Haxx » Curl » Version: 7.81.0
    cpe:2.3:a:haxx:curl:7.81.0
  • Haxx » Curl » Version: 7.82.0
    cpe:2.3:a:haxx:curl:7.82.0
  • Haxx » Curl » Version: 7.83.0
    cpe:2.3:a:haxx:curl:7.83.0
  • Haxx » Curl » Version: 7.83.1
    cpe:2.3:a:haxx:curl:7.83.1
  • Haxx » Curl » Version: 7.84.0
    cpe:2.3:a:haxx:curl:7.84.0
  • Haxx » Curl » Version: 7.85.0
    cpe:2.3:a:haxx:curl:7.85.0
  • Haxx » Curl » Version: 7.86.0
    cpe:2.3:a:haxx:curl:7.86.0
  • Haxx » Curl » Version: 7.87.0
    cpe:2.3:a:haxx:curl:7.87.0
  • Haxx » Curl » Version: 7.88.0
    cpe:2.3:a:haxx:curl:7.88.0
  • Haxx » Curl » Version: 7.88.1
    cpe:2.3:a:haxx:curl:7.88.1
  • Haxx » Curl » Version: 8.0.0
    cpe:2.3:a:haxx:curl:8.0.0
  • Haxx » Curl » Version: 8.0.1
    cpe:2.3:a:haxx:curl:8.0.1
  • Haxx » Curl » Version: 8.1.0
    cpe:2.3:a:haxx:curl:8.1.0
  • Haxx » Curl » Version: 8.1.1
    cpe:2.3:a:haxx:curl:8.1.1
  • Haxx » Curl » Version: 8.1.2
    cpe:2.3:a:haxx:curl:8.1.2
  • Haxx » Curl » Version: 8.2.0
    cpe:2.3:a:haxx:curl:8.2.0
  • Haxx » Curl » Version: 8.2.1
    cpe:2.3:a:haxx:curl:8.2.1
  • Haxx » Curl » Version: 8.4.0
    cpe:2.3:a:haxx:curl:8.4.0
  • Fedoraproject » Fedora » Version: 39
    cpe:2.3:o:fedoraproject:fedora:39


Products
Pricing
Contact Us

Shodan ® - All rights reserved