Report

CVE-2023-46218: Missing PSL Validation in Cookie Retrieval - curl Logic Bug


CVE-2023-46218 is a logic bug in curl's cookie domain matching that allows cookies to be sent to unintended domains. The vulnerability stems from inconsistent validation between cookie setting (Curl_cookie_add) and cookie retrieval (Curl_cookie_getlist). While cookie addition enforces Public Suffix List (PSL) validation, the retrieval function lacks PSL checks during domain matching. This allows cookies set for public suffixes (e.g., 'com', 'co.uk') to be sent to any domain matching those suffixes (e.g., 'example.com', 'google.com' for a 'com' suffix cookie), enabling session fixation attacks, cross-domain cookie leakage, and tracking across unrelated sites.
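The mismatch described above, as an added example that is not curl's source code: a retrieval-time domain tail match with and without a public-suffix check. The four-entry suffix list is constructed for the example, the function names are hypothetical, and cookie domains are assumed to be stored without a leading dot.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed mini suffix list; a real client consults the full PSL. */
static const char *const SUFFIXES[] = { "com", "co.uk", "uk", "org" };

/* Hypothetical helper: is `domain` itself a public suffix? */
static int is_public_suffix(const char *domain)
{
  for(size_t i = 0; i < sizeof(SUFFIXES) / sizeof(SUFFIXES[0]); i++)
    if(strcasecmp(domain, SUFFIXES[i]) == 0)
      return 1;
  return 0;
}

/* Tail match: host equals the cookie domain or ends with "." + domain. */
static int tail_match(const char *cookie_domain, const char *host)
{
  size_t clen = strlen(cookie_domain), hlen = strlen(host);
  if(clen == 0 || hlen < clen)
    return 0;
  if(strcasecmp(cookie_domain, host + (hlen - clen)) != 0)
    return 0;
  return hlen == clen || host[hlen - clen - 1] == '.';
}

/* Retrieval as the report describes it: domain match only, no PSL check. */
static int send_unchecked(const char *cookie_domain, const char *host)
{
  return tail_match(cookie_domain, host);
}

/* Retrieval with the suffix check repeated: a cookie scoped to a public
   suffix is never sent to a host other than that exact name. */
static int send_checked(const char *cookie_domain, const char *host)
{
  if(is_public_suffix(cookie_domain) && strcasecmp(cookie_domain, host) != 0)
    return 0;
  return tail_match(cookie_domain, host);
}

int main(void)
{
  printf("unchecked com -> example.com: %d\n", send_unchecked("com", "example.com"));
  printf("checked   com -> example.com: %d\n", send_checked("com", "example.com"));
  printf("checked   example.com -> www.example.com: %d\n", send_checked("example.com", "www.example.com"));
  return 0;
}
```

Repeating the suffix check at retrieval means a suffix-scoped cookie that reached the jar by any path is still withheld from unrelated hosts.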
