{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/cloudlinux7els/vex/2023/cve-2023-28321-els_os-cloudlinux7els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-12T21:58:57Z",
      "generator": {
        "date": "2026-06-12T21:58:57Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2023-28321-ELS_OS-CLOUDLINUX7ELS",
      "initial_release_date": "2023-05-26T21:15:00Z",
      "revision_history": [
        {
          "date": "2023-05-26T21:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-12T21:58:57Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "Security update on CVE-2023-28321"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CloudLinux 7",
                "product": {
                  "name": "CloudLinux 7",
                  "product_id": "CloudLinux-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:cloudlinux:cloudlinux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "CloudLinux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64",
                "product": {
                  "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64",
                  "product_id": "libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl@7.29.0-59.0.3.el7_9.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64",
                "product": {
                  "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64",
                  "product_id": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl-devel@7.29.0-59.0.3.el7_9.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.29.0-59.0.3.el7_9.2.x86_64",
                "product": {
                  "name": "curl-0:7.29.0-59.0.3.el7_9.2.x86_64",
                  "product_id": "curl-0:7.29.0-59.0.3.el7_9.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/curl@7.29.0-59.0.3.el7_9.2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.i686",
                "product": {
                  "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.i686",
                  "product_id": "libcurl-0:7.29.0-59.0.3.el7_9.2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl@7.29.0-59.0.3.el7_9.2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686",
                "product": {
                  "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686",
                  "product_id": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl-devel@7.29.0-59.0.3.el7_9.2?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Cloud Linux Software, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                  "product_id": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                  "product_id": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl-devel@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                "product": {
                  "name": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                  "product_id": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/curl@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
                "product": {
                  "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
                  "product_id": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
                "product": {
                  "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
                  "product_id": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/libcurl-devel@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64"
        },
        "product_reference": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64"
        },
        "product_reference": "libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686"
        },
        "product_reference": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.i686 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.i686"
        },
        "product_reference": "libcurl-0:7.29.0-59.0.3.el7_9.2.i686",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686"
        },
        "product_reference": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686"
        },
        "product_reference": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64"
        },
        "product_reference": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64"
        },
        "product_reference": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64"
        },
        "product_reference": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
        "relates_to_product_reference": "CloudLinux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.29.0-59.0.3.el7_9.2.x86_64 as a component of CloudLinux 7",
          "product_id": "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.x86_64"
        },
        "product_reference": "curl-0:7.29.0-59.0.3.el7_9.2.x86_64",
        "relates_to_product_reference": "CloudLinux-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28321",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
          "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.x86_64",
          "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.i686",
          "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
          "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
          "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64",
          "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686",
          "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
          "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
          "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-28321"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/fulldisclosure/2023/Jul/47",
          "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/fulldisclosure/2023/Jul/48",
          "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/fulldisclosure/2023/Jul/52",
          "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
        },
        {
          "category": "external",
          "summary": "https://hackerone.com/reports/1950627",
          "url": "https://hackerone.com/reports/1950627"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202310-12",
          "url": "https://security.gentoo.org/glsa/202310-12"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230609-0009/",
          "url": "https://security.netapp.com/advisory/ntap-20230609-0009/"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/kb/HT213843",
          "url": "https://support.apple.com/kb/HT213843"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/kb/HT213844",
          "url": "https://support.apple.com/kb/HT213844"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/kb/HT213845",
          "url": "https://support.apple.com/kb/HT213845"
        }
      ],
      "release_date": "2023-05-26T21:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2026-06-12T13:07:14.589380Z",
          "details": "Deprioritize this: exploitation requires curl to be built with its private hostname-matching routine and the server to present a certificate containing an illegal “partial” wildcard (e.g., x*) against an IDN/punycode hostname—certificates public CAs are not permitted to issue, making real-world misuse against standard Internet endpoints highly implausible. It provides no code execution and only affects identity checks under these narrow certificate conditions, yielding high attack complexity and very limited practical exposure for typical server/VM workloads. The curl project itself classifies the bug as Low severity, reinforcing its low operational priority.",
          "product_ids": [
            "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
            "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.x86_64",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.i686",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
            "CloudLinux-7:curl-0:7.29.0-59.0.3.el7_9.2.x86_64",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.i686",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
            "CloudLinux-7:libcurl-0:7.29.0-59.0.3.el7_9.2.x86_64",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.i686",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64",
            "CloudLinux-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}