CVE Vulnerabilities

CVE-2023-28321

Improper Certificate Validation

Published: May 26, 2023 | Modified: Nov 07, 2023
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
5.9 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu
LOW

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as Subject Alternative Name in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Curl Haxx * 8.1.0 (excluding)
JBoss Core Services for RHEL 8 RedHat jbcs-httpd24-curl-0:8.2.1-1.el8jbcs *
JBoss Core Services on RHEL 7 RedHat jbcs-httpd24-curl-0:8.2.1-1.el7jbcs *
Red Hat Enterprise Linux 8 RedHat curl-0:7.61.1-30.el8_8.3 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat curl-0:7.61.1-22.el8_6.9 *
Red Hat Enterprise Linux 9 RedHat curl-0:7.76.1-23.el9_2.2 *
Red Hat Enterprise Linux 9 RedHat curl-0:7.76.1-23.el9_2.2 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat curl-0:7.76.1-14.el9_0.7 *
Red Hat JBoss Core Services 1 RedHat curl *
Curl Ubuntu bionic *
Curl Ubuntu devel *
Curl Ubuntu esm-infra/bionic *
Curl Ubuntu esm-infra/xenial *
Curl Ubuntu focal *
Curl Ubuntu jammy *
Curl Ubuntu kinetic *
Curl Ubuntu lunar *
Curl Ubuntu mantic *
Curl Ubuntu noble *
Curl Ubuntu trusty *
Curl Ubuntu trusty/esm *
Curl Ubuntu upstream *
Curl Ubuntu xenial *

Potential Mitigations

References