Not to be fixed
Created: Jul 20, 2023
Updated: Nov 2, 2023
Resolved Date: Nov 2, 2023
Found In Version: 10.18.44.1
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace
libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When
doing this, it called `stat()` followed by `fopen()` in a way that made it
vulnerable to a TOCTOU race condition problem.
By exploiting this flaw, an attacker could trick the victim to create or
overwrite protected files holding this data in ways it was not intended to.
https://nvd.nist.gov/vuln/detail/CVE-2023-32001
