{
  "threat_severity" : "Moderate",
  "public_date" : "2023-07-19T00:00:00Z",
  "bugzilla" : {
    "description" : "curl: fopen race condition",
    "id" : "2222604",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2222604"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-367",
  "details" : [ "A flaw was found in the curl package. This race condition modifies the behavior of symbolic link files in affected components which might be followed instead of overwritten when the condition is met, leading to undesired and potentially destructive behavior." ],
  "statement" : "This issue does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8, and 9.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat JBoss Core Services",
    "fix_state" : "Not affected",
    "package_name" : "jbcs-httpd24-curl",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-32001\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32001\nhttps://curl.se/docs/CVE-2023-32001.html" ],
  "name" : "CVE-2023-32001",
  "csaw" : false
}