
Be prepared to patch high-severity vulnerability in curl and libcurl
2023-10-10 09:06

curl, the command-line tool, and libcurl, the client-side URL transfer library, are developed by the curl project with the help of contributors and sponsors.

CVE-2023-38545, a high severity flaw that affects both the libcurl library and the curl tool, and.

Since curl is present by default on Linux systems, the project has notified and shared the vulnerability info with developers of a variety of Linux distributions, so they can prepare patches/updates in advance and release them quickly after curl 8.4.0 is made available.

Organizations should prepare by pinpointing all systems where curl and libcurl are used, drawing up a plan for applying the fixes, and monitoring for the release of updates by the various providers.

"There is no API nor ABI change in the coming curl release. Updating the shared libcurl library should be enough to fix this issue on all operating systems," Stenberg noted.

"One challenge will be that the curl command line tool can be installed in many different ways, e.g., through the yum and apt package managers used by various Linux distributions or, worse, simply by downloading the binaries from the curl website. Such downloads and subsequent executions are often scripted, i.e., part of Windows batch files or Unix shell scripts, which can make it difficult to find those uses."
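The inventory step above (find every copy of curl and libcurl, including ones dropped in by scripts rather than a package manager) is the part that is easy to get wrong. The following POSIX shell script is an added example, not from the article or the curl project: it walks every directory on PATH for a curl binary, reads the tool and libcurl versions from `curl --version`, lists libcurl shared objects known to the dynamic linker and the package manager's records, and flags anything older than 8.4.0, the release the article names as carrying the fix. The function names and the "needs-update"/"fixed" labels are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the article or the curl project): inventory curl and
# libcurl on a Unix host and flag anything older than the fixed release.
# Function names and labels are this example's own; 8.4.0 is the fixed
# release named in the advisory.

FIXED_VERSION="8.4.0"

# numeric_version VER: drop suffixes such as "-DEV" so only digits and dots remain
numeric_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# version_lt A B: succeed (exit 0) when dotted version A is older than B.
# Compares the first three components numerically; missing components count as 0.
version_lt() {
    a=$(numeric_version "$1"); b=$(numeric_version "$2")
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | awk -F. -v n="$i" '{ print $n + 0 }')
        y=$(printf '%s\n' "$b" | awk -F. -v n="$i" '{ print $n + 0 }')
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# classify_version VER: print "needs-update" if VER predates the fixed release, else "fixed"
classify_version() {
    if version_lt "$1" "$FIXED_VERSION"; then echo "needs-update"; else echo "fixed"; fi
}

# parse_curl_version_line LINE: extract tool and libcurl versions from the first
# line of `curl --version`, e.g. "curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 ..."
parse_curl_version_line() {
    tool=$(printf '%s\n' "$1" | awk '{ print $2 }')
    lib=$(printf '%s\n' "$1" | sed -n 's|.*libcurl/\([^ ]*\).*|\1|p')
    printf 'tool=%s libcurl=%s\n' "$tool" "${lib:-unknown}"
}

# inventory: report every curl binary on PATH, libcurl shared objects in the
# linker cache, and package-manager records. All probes are guarded so the
# script runs on hosts lacking any of these tools.
inventory() {
    echo "== curl binaries on PATH =="
    IFS=:
    for dir in $PATH; do
        [ -x "$dir/curl" ] || continue
        line=$("$dir/curl" --version 2>/dev/null | head -n 1)
        [ -n "$line" ] || continue
        parsed=$(parse_curl_version_line "$line")
        tool=${parsed#tool=}; tool=${tool%% *}
        echo "$dir/curl  $parsed  => $(classify_version "$tool")"
    done
    unset IFS

    echo "== libcurl shared objects (dynamic linker cache) =="
    if command -v ldconfig >/dev/null 2>&1; then
        ldconfig -p 2>/dev/null | grep 'libcurl' || echo "(none listed)"
    else
        echo "(ldconfig not available)"
    fi

    echo "== package manager records =="
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Package} ${Version}\n' 'curl' 'libcurl*' 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q curl libcurl 2>/dev/null || true
    else
        echo "(no dpkg or rpm found)"
    fi
}

inventory
```

Binaries fetched by a script into a non-standard directory will not be on PATH; for those, run `find / -type f -name curl` (or search for `libcurl.so*`) and feed each hit through the same `--version` check. The package-manager output is reported raw because distributions backport fixes under their own version strings, so a package version older than 8.4.0 should be checked against the distribution's advisory rather than treated as automatically vulnerable.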


News URL

https://www.helpnetsecurity.com/2023/10/10/curl-vulnerabilities-cve-2023-38545/

Related Vulnerability

DATE: 2023-10-18
CVE: CVE-2023-38545
VULNERABILITY TITLE: Out-of-bounds Write vulnerability in multiple products
DESCRIPTION: This flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy so that the proxy resolves the address instead of curl doing it itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low complexity
AFFECTED VENDORS: haxx, fedoraproject, netapp, microsoft
CWE: CWE-787
RISK: critical (CVSS 9.8)