CVE-2023-28320 - siglongjmp race condition
Low
Vulnerability Details
libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm() and siglongjmp().
When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
## Impact
Denial of service due to a crash (likely) or possibly other impacts.
Actions
View on HackerOneReport Stats
- Report ID: 1990421
- State: Closed
- Substate: resolved
- Upvotes: 7