October 12, 2023 at 10:34AM Curl 8.4.0 has been released to address a high-severity security vulnerability (CVE-2023-38546), which caused concerns about its impact. The release includes fixes for two vulnerabilities: a high-severity heap buffer overflow bug and a low-severity cookie injection flaw. The exploit for the heap buffer overflow bug requires specific configurations and timing, … Read more
October 12, 2023 at 01:01AM Patches have been released for two security flaws in the Curl data transfer library. The more severe vulnerability, labeled CVE-2023-38545, allows for code execution and is considered one of the worst security flaws in Curl in a long time. The other vulnerability, CVE-2023-38546, enables cookie injection. Both flaws have been … Read more
October 11, 2023 at 04:24PM The cybersecurity community anxiously awaited the disclosure of two security flaws in the open source proxy resolution tool, Curl. However, after patches and bug details were unveiled, neither vulnerability lived up to the hype. The first flaw could allow data corruption or remote code execution, but it only affects a … Read more