{"id":"CURL-CVE-2023-46219","summary":"HSTS long filename clears contents","details":"When saving HSTS data to an excessively long filename, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.","aliases":["CVE-2023-46219"],"modified":"2026-05-21T06:00:13.787371105Z","published":"2023-12-06T08:00:00Z","database_specific":{"affects":"both","last_affected":"8.4.0","severity":"Low","URL":"https://curl.se/docs/CVE-2023-46219.json","package":"curl","issue":"https://hackerone.com/reports/2236133","award":{"amount":"540","currency":"USD"},"CWE":{"id":"CWE-311","desc":"Missing Encryption of Sensitive Data"},"www":"https://curl.se/docs/CVE-2023-46219.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.84.0"},{"fixed":"8.5.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"20f9dd6bae50b7223171b17ba7798946e74f877f"},{"fixed":"73b65e94f3531179de45c6f3c836a610e3d0a846"}]}],"versions":["8.4.0","8.3.0","8.2.1","8.2.0","8.1.2","8.1.1","8.1.0","8.0.1","8.0.0","7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","tiny-curl-8_4_0","curl-8_4_0","curl-8_3_0","curl-8_2_1","curl-8_2_0","curl-8_1_2","curl-8_1_1","curl-8_1_0","curl-8_0_1","curl-8_0_0","curl-7_88_1","curl-7_88_0","curl-7_87_0","curl-7_86_0","curl-7_85_0","curl-7_84_0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2023-46219.json"}}],"schema_version":"1.7.5","credits":[{"name":"Maksymilian Arciemowicz","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}