| |
Vulnerability CVE-2023-32001
Published: 2023-07-26
| Description: |
libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When
doing this, it called `stat()` followed by `fopen()` in a way that made it
vulnerable to a TOCTOU race condition problem.
By exploiting this flaw, an attacker could trick the victim to create or
overwrite protected files holding this data in ways it was not intended to.
|
References: |
https://hackerone.com/reports/2039870
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
