{"vulnerability": "CVE-2023-46219", "sightings": [{"uuid": "8eefccaa-c8c1-4159-980d-47b253581216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46219", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-04", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "8abcab0b-0779-41fa-9018-bded19e2f8e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46219", "type": "seen", "source": "https://t.me/arpsyndicate/2835", "content": "#ExploitObserverAlert\n\nCVE-2023-46219\n\nDESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-46219. When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.\n\nFIRST-EPSS: 0.000520000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T07:26:55.000000Z"}, {"uuid": "604f6362-3790-4374-b08d-5cd7816e36f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46219", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "8a837264-78bd-40e8-9db7-79062b33e21d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46219", "type": "seen", "source": "https://t.me/MrVGunz/1210", "content": "\ud83d\udccd \u062a\u062d\u0644\u06cc\u0644 \u0648 \u0631\u0627\u0647\u0646\u0645\u0627\u06cc\u06cc\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u0646\u0642\u0635 \u0627\u0645\u0646\u06cc\u062a\u06cc \u062f\u0631 BIG-IP F5\n\n\u062f\u0631 \u062a\u0627\u0631\u06cc\u062e \u06f1\u06f9 \u0641\u0648\u0631\u06cc\u0647 \u06f2\u06f0\u06f2\u06f4\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2023-46219 \u062f\u0631 \u0627\u062c\u0632\u0627\u06cc cURL \u0648 libcurl \u0645\u062d\u0635\u0648\u0644\u0627\u062a BIG-IP Next CNF \u0648 BIG-IP Next SPK \u0627\u0632 \u0634\u0631\u06a9\u062a F5 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f. \u0627\u06cc\u0646 \u0646\u0642\u0635 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632 CVSS 3.2\u060c \u062a\u0647\u062f\u06cc\u062f\u06cc \u06a9\u0645\u200c\u062e\u0637\u0631 \u0645\u062d\u0633\u0648\u0628 \u0645\u06cc\u200c\u0634\u0648\u062f. \u0645\u0634\u06a9\u0644 \u0627\u0635\u0644\u06cc \u0628\u0647 \u0646\u06af\u0647\u062f\u0627\u0631\u06cc \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc HSTS \u062f\u0631 \u0646\u0627\u0645\u200c\u0647\u0627\u06cc \u0641\u0627\u06cc\u0644 \u0637\u0648\u0644\u0627\u0646\u06cc \u0645\u0631\u0628\u0648\u0637 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a cURL \u062a\u0645\u0627\u0645\u06cc \u0645\u062d\u062a\u0648\u06cc\u0627\u062a \u0645\u0631\u0628\u0648\u0637\u0647 \u0631\u0627 \u062d\u0630\u0641 \u06a9\u0646\u062f \u0648 \u0645\u0646\u062c\u0631 \u0628\u0647 \u0646\u0627\u062f\u06cc\u062f\u0647\u200c\u06af\u0631\u0641\u062a\u0646 \u0648\u0636\u0639\u06cc\u062a HSTS \u062f\u0631 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc \u0628\u0639\u062f\u06cc \u0634\u0648\u062f.\n\n\u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u062e\u0648\u062f \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0631\u062f\u0647 \u0648 \u062f\u0631 \u0635\u0648\u0631\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0645\u0646\u0627\u0633\u0628 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u0646\u062f. \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062a\u0634\u062e\u06cc\u0635\u06cc \u0645\u0627\u0646\u0646\u062f iHealth \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\n\ud83d\udd17 \u062c\u0647\u062a \u0645\u0637\u0627\u0644\u0639\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\n\ud83d\udd3a http://www.auscert.org.au/bulletins/ESB-2024.1036/\n\n\ud83d\udccd Analysis and Guidance for Security Vulnerability in BIG-IP F5\n\nOn February 19, 2024, vulnerability CVE-2023-46219 was identified in the cURL and libcurl components of F5's BIG-IP Next CNF and BIG-IP Next SPK products. This flaw, rated as a low-risk threat with a CVSS score of 3.2, is associated with handling HSTS data in long filename contexts. It may cause cURL to delete all related content, leading to the HSTS status being ignored in subsequent requests.\n\nUsers are advised to review their product versions and apply the appropriate updates if they are vulnerable. Additionally, using diagnostic tools like iHealth is recommended.\n\n\ud83d\udd17 For further reading, please visit: \n\n\ud83d\udd3a http://www.auscert.org.au/bulletins/ESB-2024.1036/", "creation_timestamp": "2024-07-22T09:36:20.000000Z"}, {"uuid": "1f16a0f2-6179-4b25-8b6f-d2ff981980f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46219", "type": "seen", "source": "https://t.me/ctinow/160837", "content": "https://ift.tt/B4o1AtS\nCVE-2023-46219 | cURL up to 8.4.0 HSTS File Name lib/fopen.c missing encryption (FEDORA-2023-2121eca964)", "creation_timestamp": "2023-12-30T10:06:36.000000Z"}, {"uuid": "4053aeb6-be5a-46a0-af87-4e989fae6094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46219", "type": "seen", "source": "https://t.me/ctinow/170332", "content": "https://ift.tt/1gYHTQk\nCVE-2023-46219 curl Vulnerability in NetApp Products", "creation_timestamp": "2024-01-19T18:32:09.000000Z"}]}