Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2023-28320

CVE-2023-28320

MEDIUM5.9

A denial of service vulnerability exists in curl <v8

Published May 26, 2023

Modified 1 years ago

Details

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm() and siglongjmp(). When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.

References

http://seclists.org/fulldisclosure/2023/Jul/47

http://seclists.org/fulldisclosure/2023/Jul/48

http://seclists.org/fulldisclosure/2023/Jul/52

https://hackerone.com/reports/1929597

https://security.gentoo.org/glsa/202310-12

https://security.netapp.com/advisory/ntap-20230609-0009/

https://support.apple.com/kb/HT213843

https://support.apple.com/kb/HT213844

https://support.apple.com/kb/HT213845

https://www.cve.org/CVERecord?id=CVE-2023-28320

CVSS Analysis

CVSS v3.1

5.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

Resource Management

Resource Exhaustion

Ecosystems

Timeline

PublishedMay 26, 2023

ModifiedJan 15, 2025

CVE-2023-28320 | Mondoo Vulnerability Intelligence