Description
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- low
- Availability
- none
- Weaknesses
- CWE-311CWE-311
Metadata
- Primary Vendor
- HAXX
- Published
- 12/12/2023
- Last Modified
- 12/2/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
haxx : curlfedoraproject : fedora
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.