Severity: 9.8 CRITICAL
EPSS: 26.3% (top 3.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 18 | Latest update Oct 22

Description

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (13 packages)

CVEListV5 | curl/curl | 8.4.0 | 8.4.0
PyPI | curl-cffi | < 0.7.0b6
NVD | haxx/libcurl | 7.69.0 | 8.4.0
Alpine | curl | < 8.4.0-r0 | +8
Debian | curl | < 7.74.0-1.3+deb11u10 | +3

Also affects: Fedora 37

Patches

🔴 Vulnerability Details (8)

OSV
curl_cffi bundles a version of libcurl affected by High Severity vulnerability (2024-10-22)
GHSA
curl_cffi bundles a version of libcurl affected by High Severity vulnerability (2024-10-22)
OSV
CVE-2023-38545: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake (2023-10-18)
CVEList
CVE-2023-38545: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake (2023-10-18)

🔍 Detection Rules (1)

Elastic
Deprecated - Potential curl CVE-2023-38545 Exploitation

📋 Vendor Advisories (14)

Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (curl) — CVE-2023-38545 (2024-10-15)
Oracle
Oracle Oracle PeopleSoft Risk Matrix: File Processing (curl) — CVE-2023-38545 (2024-04-15)
Apple
CVE-2023-38545: macOS Monterey 12.7.3 (2024-01-22)
Apple
CVE-2023-38545: macOS Ventura 13.6.4 (2024-01-22)
Oracle
Oracle Oracle Database Server Risk Matrix: Oracle Spatial and Graph (curl) — CVE-2023-38545 (2024-01-15)

🕵️ Threat Intelligence (7)

BleepingComputer
Hyped up curl vulnerability falls short of expectations (2023-10-12)
Wiz
CVE-2023-38545: Everything You Need to Know | Wiz Blog (2023-10-11)
Qualys
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets (2023-10-06)
Qualys
Curl 8.4.0 Vulnerability Detection & Mitigation | Qualys (2023-10-06)

💬 Community (1)

HackerOne
CVE-2023-38545: socks5 heap buffer overflow (2023-10-11)