Home ยป CVE-2023-38545 Patch Released: Curl Unleashes Remedial Measures, Unmasking Vulnerabilities and Disrupting Server Connections via SOCKS5 Proxy

CVE-2023-38545 Patch Released: Curl Unleashes Remedial Measures, Unmasking Vulnerabilities and Disrupting Server Connections via SOCKS5 Proxy

The curl project has released version 8.4.0, addressing vulnerabilities CVE-2023-38545 and CVE-2023-38546, as announced. The CVE-2023-38545 vulnerability represents a highly critical flaw that allows the execution of code on the victim’s machine.

Despite being a code execution vulnerability, the attack conditions are considered appropriately severe. The attacker must be able to trigger the server to connect to any domain. For example, by posting a link that the server downloads for preview, where the server must be behind a SOCKS5 proxy layer. The vulnerability exploits a buffer management bug when the destination machine name exceeds 255 characters.

While the project released specific fixes for version 8.4.0, Jay Satiro, the reporter of this vulnerability, has also created a patch for version 7.69.0. Those who need to use older versions may consider applying the patch and recompiling. Alternatively, if using versions from various distributions, it is likely that the distributions have already provided patches.

TLDR: The curl project has released version 8.4.0 to fix severe vulnerabilities that allow code execution. Attack conditions require server connection to any domain and a machine name exceeding 255 characters. A patch is also available for version 7.69.0. Those using older versions should consider patching and recompiling, or rely on distribution-provided patches.

Source: HackerOne, curl.se

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Immediate Attention Required: WS_FTP Server Exposed to Severe Vulnerabilities Demanding Urgent Updates

Gemini introduces automatic feature code execution for free computation without additional charges

Revealed: Anthropic Disseminates Report on AI Vulnerabilities Succumbing to Answering Unsafe Questions Inappropriately If Repeatedly Posed in Relevant Contexts