{
  "schema_version": "1.5.0",
  "id": "CURL-CVE-2023-46219",
  "aliases": [
    "CVE-2023-46219"
  ],
  "summary": "HSTS long filename clears contents",
  "modified": "2026-04-25T17:48:46.00Z",
  "database_specific": {
    "package": "curl",
    "affects": "both",
    "URL": "https://curl.se/docs/CVE-2023-46219.json",
    "www": "https://curl.se/docs/CVE-2023-46219.html",
    "issue": "https://hackerone.com/reports/2236133",
    "CWE": {
      "id": "CWE-311",
      "desc": "Missing Encryption of Sensitive Data"
    },
    "award": {
      "amount": "540",
      "currency": "USD"
    },
    "last_affected": "8.4.0",
    "severity": "Low"
  },
  "published": "2023-12-06T08:00:00.00Z",
  "affected": [
    {
      "ranges": [
        {
           "type": "SEMVER",
           "events": [
             {"introduced": "7.84.0"},
             {"fixed": "8.5.0"}
           ]
        },
        {
           "type": "GIT",
           "repo": "https://github.com/curl/curl.git",
           "events": [
             {"introduced": "20f9dd6bae50b7223171b17ba7798946e74f877f"},
             {"fixed": "73b65e94f3531179de45c6f3c836a610e3d0a846"}
           ]
        }
      ],
      "versions": [
        "8.4.0", "8.3.0", "8.2.1", "8.2.0", "8.1.2", "8.1.1", "8.1.0", 
        "8.0.1", "8.0.0", "7.88.1", "7.88.0", "7.87.0", "7.86.0", "7.85.0", 
        "7.84.0"
      ]
    }
  ],
  "credits": [
    {
      "name": "Maksymilian Arciemowicz",
      "type": "FINDER"
    },
    {
      "name": "Daniel Stenberg",
      "type": "REMEDIATION_DEVELOPER"
    }
  ],
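  "details": "When saving HSTS data to an excessively long filename, curl could end up\nremoving all contents of the file, making subsequent requests using that file\nunaware of the HSTS status they should otherwise use. Hosts covered by the lost\nentries could then be contacted over cleartext HTTP instead of being upgraded\nto HTTPS."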
}