CVE-2023-38546
published 2023-10-18CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs…
PriorityP421low3.7CVSS 3.1
AVNACHPRNUINSUCNILAN
EPSS
6.21%
92.6th percentile
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).
Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named
`none` - if such a file exists and is readable in the current directory of the
program using libcurl. And if using the correct file format of course.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_monterey | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| curl | curl | >= 8.4.0 < 8.4.0 | 8.4.0 |
| debian | curl | < curl 7.88.1-10+deb12u4 (bookworm) | curl 7.88.1-10+deb12u4 (bookworm) |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 8.4.0-r0 | 8.4.0-r0 |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u10 | 7.74.0-1.3+deb11u10 |
| haxx | curl | >= 0 < 7.88.1-10+deb12u4 | 7.88.1-10+deb12u4 |
| haxx | curl | >= 0 < 8.3.0-3 | 8.3.0-3 |
| haxx | curl | >= 0 < 8.3.0-3 | 8.3.0-3 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.20 | 7.68.0-1ubuntu2.20 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.14 | 7.81.0-1ubuntu1.14 |
| haxx | curl | >= 0 < 8.2.1-1ubuntu3.1 | 8.2.1-1ubuntu3.1 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm17 | 7.35.0-1ubuntu2.20+esm17 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.19+esm10 | 7.47.0-1ubuntu2.19+esm10 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.24+esm2 | 7.58.0-2ubuntu3.24+esm2 |
| haxx | libcurl | >= 7.9.1 < 8.4.0 | 8.4.0 |
CVSS provenance
nvdv3.13.7LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
osv9.8CRITICAL
vendor_cisco9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian3.7LOW
vendor_msrc3.7LOW
vendor_oracle3.7LOW
vendor_redhat3.7LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-SA-2025-0012 Informational Bulletin: OSS CVEs Fixed in PAN-OS
vendor_paloalto·2025-07-09·CVSS 7.5
CVE-2018-6594 [HIGH] PAN-SA-2025-0012 Informational Bulletin: OSS CVEs Fixed in PAN-OS
PAN-SA-2025-0012 Informational Bulletin: OSS CVEs Fixed in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution. CVE Summary CVE-2018-6594 This CVE is fixed in PAN-OS 10.2.17, 11.1.11, 11.2.8, 12.1.2, and all later versions of PAN-OS CVE-2018-25032 This CVE is fixed in PAN-OS 10.1.7, 10.2.2, and all later versions of PAN-OS CVE-2019-5827 This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. CVE-2019-13750 This CVE is fixed in PAN-OS 11.1.4, and all later versions of PAN-OS. CVE-2019-13751 This CVE is fixed in PAN-OS 11.1.4, and all later versions
CISA ICS
Siemens SIMATIC S7-1500 CPU Family
cisa_ics·2025-06-12
Siemens SIMATIC S7-1500 CPU Family
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU Family
Release DateJune 12, 2025
Alert CodeICSA-25-162-05
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU family
- Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-
Oracle
Oracle Oracle Analytics Risk Matrix: Platform Security (libcurl) — CVE-2023-38546
vendor_oracle·2025-04-15·CVSS 3.7
CVE-2023-38546 [LOW] Oracle Oracle Analytics Risk Matrix: Platform Security (libcurl) — CVE-2023-38546
Oracle Oracle Analytics Risk Matrix: Platform Security (libcurl) vulnerability
CVE: CVE-2023-38546
CVSS: 3.7
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
CISA ICS
Siemens SIMATIC RTLS Locating Manager
cisa_ics·2024-05-16
Siemens SIMATIC RTLS Locating Manager
ICS Advisory
##
Siemens SIMATIC RTLS Locating Manager
Release DateMay 16, 2024
Alert CodeICSA-24-137-07
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC RTLS Locating Manager
- Vulnerabilities: Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Uncontrolled Resource Consumption, Excessive Iteration, Allocation of Resources Wi
CISA ICS
Siemens RUGGEDCOM APE1808
cisa_ics·2024-03-14
Siemens RUGGEDCOM APE1808
ICS Advisory
##
Siemens RUGGEDCOM APE1808
Release DateMarch 14, 2024
Alert CodeICSA-24-074-05
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808
- Vulnerabilities: Heap-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Uncontrolled Resource Consumption, Improper Certificate Validation, Out-of-bounds Write,
CISA ICS
Siemens SINEC NMS
cisa_ics·2024-02-15
Siemens SINEC NMS
ICS Advisory
##
Siemens SINEC NMS
Release DateFebruary 15, 2024
Alert CodeICSA-24-046-15
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC NMS
- Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, Use After Free, NULL Pointer Dereference, Improper Input Validation, Missing Encryption of Sensitive Data, Allocation of Resources Wit
Apple
CVE-2023-38546: macOS Ventura 13.6.4
vendor_apple·2024-01-22·CVSS 3.7
CVE-2023-38546 [LOW] CVE-2023-38546: macOS Ventura 13.6.4
Apple Security Update: About the security content of macOS Ventura 13.6.4
Product: macOS Ventura
Version: 13.6.4
CVE: CVE-2023-38546
Component: CVE-2023-38546
Apple
CVE-2023-38546: macOS Monterey 12.7.3
vendor_apple·2024-01-22·CVSS 3.7
CVE-2023-38546 [LOW] CVE-2023-38546: macOS Monterey 12.7.3
Apple Security Update: About the security content of macOS Monterey 12.7.3
Product: macOS Monterey
Version: 12.7.3
CVE: CVE-2023-38546
Component: CVE-2023-38546
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Apple
CVE-2023-38546: macOS Sonoma 14.2
vendor_apple·2023-12-11·CVSS 3.7
CVE-2023-38546 [LOW] CVE-2023-38546: macOS Sonoma 14.2
Apple Security Update: About the security content of macOS Sonoma 14.2
Product: macOS Sonoma
Version: 14.2
CVE: CVE-2023-38546
Component: CVE-2023-38546
Ubuntu
curl vulnerabilities
vendor_ubuntu·2023-10-17·CVSS 9.8
CVE-2023-38546 [CRITICAL] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
USN-6429-1 fixed vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 23.10.
Original advisory details:
Jay Satiro discovered that curl incorrectly handled hostnames when using a
SOCKS5 proxy. In environments where curl is configured to use a SOCKS5
proxy, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-38545)
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
Instructions: In general, a standard syst
Cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
vendor_cisco·2023-10-12·CVSS 9.8
CVE-2023-38545 [CRITICAL] CWE-122 cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities:
CVE-2023-38545 – High Security Impact Rating (SIR)
CVE-2023-38546 – Low SIR
This advisory covers CVE-2023-38545 only. For more information about this vulnerability, see the cURL advisory.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV
Palo Alto
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
vendor_paloalto·2023-10-12·CVSS 9.8
CVE-2023-38545 [CRITICAL] CWE-120 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546) that were disclosed on October 11, 2023 as they relate to our products.
At this time, there are no demonstrated scenarios that enable successful exploitation of these vulnerabilities in our products.
Affected products: Cloud NGFW, Cortex XDR, Cortex XDR Agent, PAN-OS, Prisma Access, Prisma Cloud, Prisma SD-WAN ION
Solution: No software updates are required at this time.
Workaround: Customers with a Threat Prevention subscription can block attacks for CVE-2023-38545 by enabling Threat ID 94436 (Applications and Threats content update 8764).
Ubuntu
curl vulnerabilities
vendor_ubuntu·2023-10-11·CVSS 9.8
CVE-2023-38546 [CRITICAL] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Jay Satiro discovered that curl incorrectly handled hostnames when using a
SOCKS5 proxy. In environments where curl is configured to use a SOCKS5
proxy, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-38545)
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: cookie injection with none file
vendor_redhat·2023-10-11·CVSS 3.7
CVE-2023-38546 [LOW] CWE-73 curl: cookie injection with none file
curl: cookie injection with none file
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).
Su
Ubuntu
curl vulnerability
vendor_ubuntu·2023-10-11·CVSS 3.7
CVE-2023-38546 [LOW] curl vulnerability
Title: curl vulnerability
Summary: Several security issues were fixed in curl.
USN-6429-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
This flaw allows an attacker to insert cookies at will into a running program
using libcurl if the specific series of conditions are met.
libcurl performs transfers. In its API an application creates
vendor_msrc·2023-10-10·CVSS 3.7
CVE-2023-38546 [LOW] This flaw allows an attacker to insert cookies at will into a running program
using libcurl if the specific series of conditions are met.
libcurl performs transfers. In its API an application creates
This flaw allows an attacker to insert cookies at will into a running program
using libcurl if the specific series of conditions are met.
libcurl performs transfers. In its API an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters no quotes).
Subsequent use of the cloned handle that d
Debian
CVE-2023-38546: curl - This flaw allows an attacker to insert cookies at will into a running program us...
vendor_debian·2023·CVSS 3.7
CVE-2023-38546 [LOW] CVE-2023-38546: curl - This flaw allows an attacker to insert cookies at will into a running program us...
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that
Cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
vendor_cisco·CVSS 3.1
CVE-2023-38545 cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
CVE-2023-38545: cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities: CVE-2023-38545 - High Security Impact Rating (SIR) CVE-2023-38546 - Low SIR This advisory covers CVE-2023-38545 only. For more information about this vulnerability, see the cURL advisory . This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV
CVSS: 3.1
CWE: CWE-122, CWE-122
Cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
vendor_cisco·CVSS 3.1
CVE-2023-38546 cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
CVE-2023-38546: cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities: CVE-2023-38545 - High Security Impact Rating (SIR) CVE-2023-38546 - Low SIR This advisory covers CVE-2023-38545 only. For more information about this vulnerability, see the cURL advisory . This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV
CVSS: 3.1
CWE: CWE-122, CWE-122
OSV
CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met
osv·2023-10-18·CVSS 3.7
CVE-2023-38546 [LOW] CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).
Subsequent use of the cloned handle t
OSV
CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met
osv·2023-10-18·CVSS 3.7
CVE-2023-38546 [LOW] CVE-2023-38546: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that
GHSA
GHSA-x3qx-m3c2-qfhx: This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met
ghsa_unreviewed·2023-10-18
CVE-2023-38546 [LOW] GHSA-x3qx-m3c2-qfhx: This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).
Subsequent use of the cloned handle t
OSV
curl vulnerabilities
osv·2023-10-17·CVSS 9.8
CVE-2023-38545 [CRITICAL] curl vulnerabilities
curl vulnerabilities
USN-6429-1 fixed vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 23.10.
Original advisory details:
Jay Satiro discovered that curl incorrectly handled hostnames when using a
SOCKS5 proxy. In environments where curl is configured to use a SOCKS5
proxy, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-38545)
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
OSV
curl vulnerability
osv·2023-10-11·CVSS 3.7
CVE-2023-38546 [LOW] curl vulnerability
curl vulnerability
USN-6429-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
OSV
curl vulnerabilities
osv·2023-10-11·CVSS 9.8
CVE-2023-38545 [CRITICAL] curl vulnerabilities
curl vulnerabilities
Jay Satiro discovered that curl incorrectly handled hostnames when using a
SOCKS5 proxy. In environments where curl is configured to use a SOCKS5
proxy, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-38545)
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Hyped up curl vulnerability falls short of expectations
blogs_bleepingcomputer·2023-10-12·CVSS 9.8
CVE-2023-38545 [CRITICAL] Hyped up curl vulnerability falls short of expectations
## Hyped up curl vulnerability falls short of expectations
## Lawrence Abrams
curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long concerns regarding the flaw’s severity.
curl is a command line utility that allows you to transfer data over various protocols, most commonly used to connect to websites. An associated libcurl library enables developers to incorporate curl into their applications for easy file transfer support.
On October 4th, curl developer Daniel Stenberg warned that the development cycle for curl 8.4.0 would be cut short, and the new version would be released on October 11th to resolve a vulnerability, warning its the worst curl security flaw seen in a long time.
"We are cutting t
Qualys
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
blogs_qualys·2023-10-06·CVSS 9.8
CVE-2023-38545 [CRITICAL] Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
## Table of Contents
What is Curl and libcurl?
What Are Curl Vulnerabilities CVE-2023-38545 & CVE-2023-38546?
Vulnerable Versions
What Should Organizations Do?
How Can Qualys Help?
Discover Vulnerable Instances Using Qualys VMDR
DetectVulnerableVersionsoflibcurlUsingQualysCustomAssessmentandRemediation(CAR)
Patch Vulnerable Systems Using Qualys Patch Management (PM)
Qualys QID Coverage
What vulnerabilities were remediated in curl 8.4.0?
Conclusion
On Wednesday, October 4, 2023, the curl project maintainers announced pre-notification for curl version 8.4.0 to be released on October 11. This version will fix two new vulnerabilities with one high and one low-severity CVE. The prenotification stated that the high-severity issue is arguably the most critical security flaw identified
Qualys
Curl 8.4.0 Vulnerability Detection & Mitigation | Qualys
blogs_qualys·2023-10-06·CVSS 9.8
CVE-2023-38545 [CRITICAL] Curl 8.4.0 Vulnerability Detection & Mitigation | Qualys
#### Table of Contents
- What is Curl and libcurl?
- What Are Curl Vulnerabilities CVE-2023-38545 & CVE-2023-38546?
- Vulnerable Versions
- What Should Organizations Do?
- How Can Qualys Help?
- Discover Vulnerable Instances Using Qualys VMDR
- DetectVulnerableVersionsoflibcurlUsingQualysCustomAssessmentandRemediation(CAR)
- Patch Vulnerable Systems Using Qualys Patch Management (PM)
- Qualys QID Coverage
- What vulnerabilities were remediated in curl 8.4.0?
- Conclusion
On Wednesday, October 4, 2023, the curl project maintainers announced pre-notification for curl version 8.4.0 to be released on October 11. This version will fix two new vulnerabilities with one high and one low-severity CVE. The prenotification stated that the high-severity issue is arguably the most critical security f
Tenable
CVE-2023-38545, CVE-2023-38546: Frequently Asked Questions for New Vulnerabilities in curl
blogs_tenable·2023-10-04·CVSS 9.8
[CRITICAL] CVE-2023-38545, CVE-2023-38546: Frequently Asked Questions for New Vulnerabilities in curl
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
HackerOne
[CVE-2023-38546] cookie injection with none file
hackerone·2023-11-23·CVSS 3.7
CVE-2023-38546 [LOW] [CVE-2023-38546] cookie injection with none file
[CVE-2023-38546] cookie injection with none file
https://hackerone.com/reports/2148242
## Impact
cookie injection into a program using libcurl, if several conditions are met
CVE-2023-38546 - cookie injection with none file
VULNERABILITY
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers.
libcurl provides a function call that duplicates an easy handle called curl_easy_duphandle.
If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies f
http://seclists.org/fulldisclosure/2024/Jan/34http://seclists.org/fulldisclosure/2024/Jan/37http://seclists.org/fulldisclosure/2024/Jan/38https://curl.se/docs/CVE-2023-38546.htmlhttps://forum.vmssoftware.com/viewtopic.php?f=8&t=8868https://lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/https://support.apple.com/kb/HT214036https://support.apple.com/kb/HT214057https://support.apple.com/kb/HT214058https://support.apple.com/kb/HT214063http://seclists.org/fulldisclosure/2024/Jan/34http://seclists.org/fulldisclosure/2024/Jan/37http://seclists.org/fulldisclosure/2024/Jan/38https://curl.se/docs/CVE-2023-38546.htmlhttps://forum.vmssoftware.com/viewtopic.php?f=8&t=8868https://lists.debian.org/debian-lts-announce/2023/10/msg00016.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/https://support.apple.com/kb/HT214036https://support.apple.com/kb/HT214057https://support.apple.com/kb/HT214058https://support.apple.com/kb/HT214063https://cert-portal.siemens.com/productcert/html/ssa-082556.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-093430.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-832273.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-943925.html
2023-10-18
Published