{"id":"CURL-CVE-2023-28322","summary":"more POST-after-PUT confusion","details":"When doing HTTP(S) transfers, libcurl might erroneously use the read callback\n(`CURLOPT_READFUNCTION`) to ask for data to send, even when the\n`CURLOPT_POSTFIELDS` option has been set, if the same handle previously was\nused to issue a `PUT` request which used that callback.\n\nThis flaw may surprise the application and cause it to misbehave and either\nsend off the wrong data or use memory after free or similar in the second\ntransfer.\n\nThe problem exists in the logic for a reused handle when it is (expected to\nbe) changed from a PUT to a POST.","aliases":["CVE-2023-28322"],"modified":"2025-05-15T17:48:29Z","published":"2023-05-17T08:00:00Z","database_specific":{"package":"curl","affects":"lib","www":"https://curl.se/docs/CVE-2023-28322.html","URL":"https://curl.se/docs/CVE-2023-28322.json","last_affected":"8.0.1","severity":"Low","issue":"https://hackerone.com/reports/1954658","award":{"currency":"USD","amount":"480"},"CWE":{"desc":"Expected Behavior Violation","id":"CWE-440"}},
"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.7"},{"fixed":"8.1.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"546572da0457f37c698c02d0a08d90fdfcbeedec"},{"fixed":"7815647d6582c0a4900be2e1de6c5e61272c496b"}]}],
"versions":["8.0.1","8.0.0","7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7","7.10.6","7.10.5","7.10.4","7.10.3","7.10.2","7.10.1","7.10","7.9.8","7.9.7","7.9.6","7.9.5","7.9.4","7.9.3","7.9.2","7.9.1","7.9","7.8.1","7.8","7.7.3","7.7.2","7.7.1","7.7"],
"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2023-28322.json"}}],
"schema_version":"1.7.3","credits":[{"name":"Hiroki Kurosawa","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}