CVE-2023-38546

Two High-Risk Security Flaws Discovered in Curl Library – New Patches Released

by

October 12, 2023 at 01:01AM Patches have been released for two security flaws in the Curl data transfer library. The more severe vulnerability, labeled CVE-2023-38545, allows for code execution and is considered one of the worst security flaws in Curl in a long time. The other vulnerability, CVE-2023-38546, enables cookie injection. Both flaws have been … Read more

curl vulnerabilities ironed out with patches after week-long tease

by

October 11, 2023 at 06:09AM The latest version of the curl command line transfer tool was released today, addressing two separate vulnerabilities. The first vulnerability is a heap-based buffer overflow flaw that affects both libcurl and the curl tool. The second vulnerability is a less-severe cookie injection flaw that only affects libcurl. Users are advised … Read more