External Control of File Name or Path Affecting flutter_curl package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PUB-FLUTTERCURL-5933312
- published 5 Oct 2023
- disclosed 5 Oct 2023
- credit w0x42
Introduced: 5 Oct 2023
CVE-2023-38546 Open this link in a new tabHow to fix?
There is no fixed version for flutter_curl
.
Overview
Affected versions of this package are vulnerable to External Control of File Name or Path via the curl_easy_duphandle
function, allowing an attacker to insert cookies into a running program using this library.
When this function is used to duplicate an easy handle with cookies enabled, the cookie-enable state is also cloned. However, the actual cookies are not cloned, and if the source handle did not read any cookies from a specific file on disk, the cloned handle would store the file name as none
. Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would inadvertently load cookies from a file named none
.
Note:
This is only exploitable if a file named none
exists and is readable in the current directory of the program using libcurl
and in the correct file format.
Changelog:
2023-10-04: Initial publication
2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range.