Auto-Update: 2023-08-27T02:00:34.553169+00:00

CVE-2023/CVE-2023-320xx/CVE-2023-32001.json

@@ -2,124 +2,14 @@
   "id": "CVE-2023-32001",
   "sourceIdentifier": "support@hackerone.com",
   "published": "2023-07-26T21:15:10.037",
-  "lastModified": "2023-08-03T15:11:43.557",
+  "lastModified": "2023-08-27T01:15:45.640",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Rejected",
   "descriptions": [
     {
       "lang": "en",
-      "value": "libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When\ndoing this, it called `stat()` followed by `fopen()` in a way that made it\nvulnerable to a TOCTOU race condition problem.\n\nBy exploiting this flaw, an attacker could trick the victim to create or\noverwrite protected files holding this data in ways it was not intended to.\n"
+      "value": "** REJECT ** We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for."
     }
   ],
-  "metrics": {
+  "metrics": {},
-    "cvssMetricV31": [
+  "references": []
-      {
-        "source": "nvd@nist.gov",
-        "type": "Primary",
-        "cvssData": {
-          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
-          "attackVector": "NETWORK",
-          "attackComplexity": "HIGH",
-          "privilegesRequired": "NONE",
-          "userInteraction": "REQUIRED",
-          "scope": "UNCHANGED",
-          "confidentialityImpact": "LOW",
-          "integrityImpact": "LOW",
-          "availabilityImpact": "LOW",
-          "baseScore": 5.0,
-          "baseSeverity": "MEDIUM"
-        },
-        "exploitabilityScore": 1.6,
-        "impactScore": 3.4
-      }
-    ]
-  },
-  "weaknesses": [
-    {
-      "source": "nvd@nist.gov",
-      "type": "Primary",
-      "description": [
-        {
-          "lang": "en",
-          "value": "CWE-367"
-        }
-      ]
-    }
-  ],
-  "configurations": [
-    {
-      "nodes": [
-        {
-          "operator": "OR",
-          "negate": false,
-          "cpeMatch": [
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "7.84.0",
-              "versionEndIncluding": "8.1.2",
-              "matchCriteriaId": "AAC34CED-FB75-408A-81AE-91702E357DC5"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "nodes": [
-        {
-          "operator": "OR",
-          "negate": false,
-          "cpeMatch": [
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
-              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "nodes": [
-        {
-          "operator": "OR",
-          "negate": false,
-          "cpeMatch": [
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
-              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
-            }
-          ]
-        }
-      ]
-    }
-  ],
-  "references": [
-    {
-      "url": "https://hackerone.com/reports/2039870",
-      "source": "support@hackerone.com",
-      "tags": [
-        "Exploit",
-        "Issue Tracking",
-        "Patch",
-        "Third Party Advisory"
-      ]
-    },
-    {
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGJ7POX4ATGERTSBFJPW2EQH4Z65PSZJ/",
-      "source": "support@hackerone.com",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
-    },
-    {
-      "url": "https://www.debian.org/security/2023/dsa-5460",
-      "source": "support@hackerone.com",
-      "tags": [
-        "Third Party Advisory"
-      ]
-    }
-  ]
 }

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-08-26T18:00:40.499805+00:00
+2023-08-27T02:00:34.553169+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-08-26T16:15:43.350000+00:00
+2023-08-27T01:15:45.640000+00:00
 ```
 
 ### Last Data Feed Release
@@ -23,7 +23,7 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 
 ```plain
-2023-08-26T00:00:13.548334+00:00
+2023-08-27T00:00:13.567910+00:00
 ```
 
 ### Total Number of included CVEs
@@ -40,13 +40,9 @@ Recently added CVEs: `0`
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `5`
+Recently modified CVEs: `1`
 
-* [CVE-2023-4427](CVE-2023/CVE-2023-44xx/CVE-2023-4427.json) (`2023-08-26T16:15:42.597`)
+* [CVE-2023-32001](CVE-2023/CVE-2023-320xx/CVE-2023-32001.json) (`2023-08-27T01:15:45.640`)
-* [CVE-2023-4428](CVE-2023/CVE-2023-44xx/CVE-2023-4428.json) (`2023-08-26T16:15:43.057`)
-* [CVE-2023-4429](CVE-2023/CVE-2023-44xx/CVE-2023-4429.json) (`2023-08-26T16:15:43.193`)
-* [CVE-2023-4430](CVE-2023/CVE-2023-44xx/CVE-2023-4430.json) (`2023-08-26T16:15:43.273`)
-* [CVE-2023-4431](CVE-2023/CVE-2023-44xx/CVE-2023-4431.json) (`2023-08-26T16:15:43.350`)
 
 
 ## Download and Usage