October 12, 2023 at 09:59AM The recently fixed vulnerabilities in the command-line tool curl and the libcurl library require security teams to identify and remediate impacted systems. The vulnerabilities can only be exploited under specific conditions. Organizations should scan their environment using software analysis tools to assess which systems are using curl and libcurl. Additionally, … Read more
October 12, 2023 at 01:01AM Patches have been released for two security flaws in the Curl data transfer library. The more severe vulnerability, labeled CVE-2023-38545, allows for code execution and is considered one of the worst security flaws in Curl in a long time. The other vulnerability, CVE-2023-38546, enables cookie injection. Both flaws have been … Read more
October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. … Read more
October 11, 2023 at 06:09AM The latest version of the curl command line transfer tool was released today, addressing two separate vulnerabilities. The first vulnerability is a heap-based buffer overflow flaw that affects both libcurl and the curl tool. The second vulnerability is a less-severe cookie injection flaw that only affects libcurl. Users are advised … Read more