The widely popular curl client HTTP project has announced its plan to release a patch that addresses a critical vulnerability. The patch is set to be released on October 11th, with the declaration that it’s the most severe vulnerability “in a long time.” This patch consists of two vulnerabilities: CVE-2023-38545, which is highly severe and impacts both the curl library and the curl command itself, and CVE-2023-38546, a low-severity vulnerability that specifically affects the library.
Daniel Stenberg, the maintainer of the curl project, stated that he cannot provide any information at the moment, including which versions are affected by this vulnerability. However, he did mention that this bug has impacted curl for “several years.”
Currently, curl is collaborating with various distributions of Linux to prepare for the simultaneous distribution of the patch. The actual patch will be released on the 11th at 06:00 UTC or 1:00 PM in Thailand local time.
TLDR: The curl client HTTP project has announced the upcoming release of a patch to address a highly severe vulnerability impacting both the library and the command. The patch will be released on October 11th, with no specific version information available at this time. Collaboration with Linux distributions is underway, and the patch will be distributed simultaneously.
Leave a Comment