Security News > 2023 > October > Security Patch for Two New Flaws in Curl Library Arriving on October 11

Security Patch for Two New Flaws in Curl Library Arriving on October 11
2023-10-09 10:32

The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023. This includes a high severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues and the exact version ranges


News URL

https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-18 CVE-2023-38546 Unspecified vulnerability in Haxx Libcurl
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers.
network
high complexity
haxx
3.7
2023-10-18 CVE-2023-38545 Out-of-bounds Write vulnerability in multiple products
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only.
network
low complexity
haxx fedoraproject netapp microsoft CWE-787
critical
9.8