Hyped up curl vulnerability falls short of expectations

October 12, 2023 at 10:34AM

Curl 8.4.0 has been released to address a high-severity security vulnerability (CVE-2023-38546), which caused concerns about its impact. The release includes fixes for two vulnerabilities: a high-severity heap buffer overflow bug and a low-severity cookie injection flaw. The exploit for the heap buffer overflow bug requires specific configurations and timing, …

curl vulnerabilities ironed out with patches after week-long tease

October 11, 2023 at 06:09AM

The latest version of the curl command-line transfer tool was released today, addressing two separate vulnerabilities. The first vulnerability is a heap-based buffer overflow flaw that affects both libcurl and the curl tool. The second vulnerability is a less-severe cookie injection flaw that only affects libcurl. Users are advised …

Fresh curl tomorrow will patch ‘worst’ security flaw in ages

October 10, 2023 at 10:33AM

Curl version 8.4.0 is set to be released tomorrow, addressing two security flaws. One of the flaws is considered the worst security flaw in curl in a long time. The update will address CVE-2023-38545, affecting both libcurl and the curl tool, and CVE-2023-38546, affecting libcurl only. The update does not …