Lucene search
RedHatRHSA-2023:5763HistoryOct 17, 2023 - 8:40 a.m.
(RHSA-2023:5763) Important: curl security update
2023-10-1708:40:49
access.redhat.com
58
curl
security update
heap-based overflow
socks5
cookie injection
cvss score
0.003 Low
EPSS
Percentile
70.7%
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545)
-
curl: cookie injection with none file (CVE-2023-38546)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | x86_64 | libcurl-debuginfo | < 7.76.1-23.el9_2.4 | libcurl-debuginfo-7.76.1-23.el9_2.4.x86_64.rpm |
| RedHat | 9 | ppc64le | libcurl-minimal-debuginfo | < 7.76.1-23.el9_2.4 | libcurl-minimal-debuginfo-7.76.1-23.el9_2.4.ppc64le.rpm |
| RedHat | 9 | x86_64 | libcurl | < 7.76.1-23.el9_2.4 | libcurl-7.76.1-23.el9_2.4.x86_64.rpm |
| RedHat | 9 | i686 | curl-debugsource | < 7.76.1-23.el9_2.4 | curl-debugsource-7.76.1-23.el9_2.4.i686.rpm |
| RedHat | 9 | ppc64le | libcurl-devel | < 7.76.1-23.el9_2.4 | libcurl-devel-7.76.1-23.el9_2.4.ppc64le.rpm |
| RedHat | 9 | aarch64 | curl-debuginfo | < 7.76.1-23.el9_2.4 | curl-debuginfo-7.76.1-23.el9_2.4.aarch64.rpm |
| RedHat | 9 | ppc64le | curl-minimal | < 7.76.1-23.el9_2.4 | curl-minimal-7.76.1-23.el9_2.4.ppc64le.rpm |
| RedHat | 9 | x86_64 | libcurl-minimal-debuginfo | < 7.76.1-23.el9_2.4 | libcurl-minimal-debuginfo-7.76.1-23.el9_2.4.x86_64.rpm |
| RedHat | 9 | ppc64le | curl-debuginfo | < 7.76.1-23.el9_2.4 | curl-debuginfo-7.76.1-23.el9_2.4.ppc64le.rpm |
| RedHat | 9 | s390x | curl | < 7.76.1-23.el9_2.4 | curl-7.76.1-23.el9_2.4.s390x.rpm |
Related
ubuntu
ubuntu
curl vulnerabilities
2023-10-17 00:00:00
curl vulnerabilities
2023-10-11 00:00:00
curl vulnerability
2023-10-11 00:00:00
slackware
slackware
[slackware-security] curl
2023-10-11 06:45:13
nessus
nessus
Debian DSA-5523-1 : curl - security update
2023-10-11 00:00:00
Fedora 38 : curl (2023-b855de5c0f)
2023-10-13 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1079)
2024-01-09 00:00:00
Fedora: Security Advisory for curl (FEDORA-2023-0f8d1871d8)
2023-10-17 00:00:00
Slackware: Security Advisory (SSA:2023-284-01)
2023-10-12 00:00:00
amazon
amazon
Important: curl
2023-10-10 21:19:00
aix
aix
Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 13:22:02
almalinux
almalinux
Important: curl security update
2023-11-07 00:00:00
Important: curl security update
2023-10-17 00:00:00
osv
osv
Important: curl security update
2023-10-17 00:00:00
Important: curl security update
2023-11-07 00:00:00
curl vulnerabilities
2023-10-17 11:22:48
debian
debian
[SECURITY] [DSA 5523-1] curl security update
2023-10-11 06:58:41
[SECURITY] [DLA 3613-1] curl security update
2023-10-11 11:49:02
thn
thn
Security Patch for Two New Flaws in Curl Library Arriving on October 11
2023-10-09 10:32:00
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37
2023-10-28 01:25:37
[SECURITY] Fedora 38 Update: curl-8.0.1-5.fc38
2023-10-14 01:32:18
[SECURITY] Fedora 39 Update: curl-8.2.1-3.fc39
2023-10-16 15:27:49
paloalto
paloalto
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
2023-10-12 20:40:00
mageia
mageia
Updated the curl packages to fix two security vulnerabilities
2023-10-14 01:56:51
cisco
cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
2023-10-12 16:00:00
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libcurl vulnerabilities (CVE-2023-38546, CVE-2023-38545)
2023-11-17 12:13:59
Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)
2023-11-20 15:27:29
Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 20:15:23
rocky
rocky
curl security update
2023-10-24 18:36:52
redhat
redhat
(RHSA-2023:5700) Important: curl security update
2023-10-13 21:38:55
(RHSA-2023:6745) Important: curl security update
2023-11-07 10:08:50
oraclelinux
oraclelinux
curl security update
2023-10-18 00:00:00
curl security update
2023-11-16 00:00:00
redos
redos
ROS-20231016-05
2023-10-16 00:00:00
cloudfoundry
cloudfoundry
USN-6429-1: curl vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
USN-6429-2: curl vulnerability | Cloud Foundry
2023-12-04 00:00:00
qualysblog
qualysblog
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
2023-10-06 00:14:06
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0487
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0667
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0113
2023-10-11 00:00:00
wizblog
wizblog
cbl_mariner
cbl_mariner
CVE-2023-38545 affecting package cmake for versions less than 3.21.4-10
2023-10-21 15:00:39
CVE-2023-38546 affecting package curl for versions less than 8.3.0-2
2023-10-12 19:11:35
CVE-2023-38545 affecting package curl for versions less than 8.3.0-2
2023-10-12 19:11:35
prion
prion
Heap overflow
2023-10-18 04:15:00
Design/Logic Flaw
2023-10-18 04:15:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-12 16:48:26
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-16 15:55:32
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-12 07:39:15
hackerone
hackerone
curl: CVE-2023-38545: socks5 heap buffer overflow
2023-09-30 08:26:30
curl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet
2023-10-10 04:25:20
curl: CVE-2023-38546: cookie injection with none file
2023-09-14 14:58:50
mscve
mscve
Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow
2023-10-19 07:00:00
redhatcve
redhatcve
CVE-2023-38546
2023-10-11 13:11:32
CVE-2023-38545
2023-10-11 07:12:30
debiancve
debiancve
CVE-2023-38546
2023-10-18 04:15:11
CVE-2023-38545
2023-10-18 04:15:11
f5
f5
K000137211 : cURL vulnerabilities CVE-2023-38546
2023-10-11 00:00:00
K000137257 : cURL vulnerabilities CVE-2023-38545
2023-10-17 00:00:00
ubuntucve
ubuntucve
CVE-2023-38545
2023-10-11 00:00:00
CVE-2023-38546
2023-10-11 00:00:00
broadcom
broadcom
SOCKS5 heap buffer overflow (CVE-2023-38545)
2023-10-16 00:00:00
cnvd
cnvd
cURL SOCKS5 Heap Overflow Vulnerability
2023-10-11 00:00:00
cve
cve
CVE-2023-38546
2023-10-18 04:15:11
CVE-2023-38545
2023-10-18 04:15:11
alpinelinux
alpinelinux
CVE-2023-38546
2023-10-18 04:15:11
CVE-2023-38545
2023-10-18 04:15:11
nvd
nvd
CVE-2023-38546
2023-10-18 04:15:11
CVE-2023-38545
2023-10-18 04:15:11
cloudlinux
cloudlinux
curl: Fix of CVE-2023-38546
2023-10-16 13:58:12
cgr
cgr
CVE-2023-38546 vulnerabilities
2024-05-19 03:07:16
CVE-2023-38545 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2023-38546
2023-10-18 03:51:31
CVE-2023-38545
2023-10-18 03:52:00
veracode
veracode
Cookie Injection
2023-10-12 08:53:47
Heap Buffer Overflow
2023-10-11 14:40:13
wolfi
wolfi
CVE-2023-38546 vulnerabilities
2024-06-29 09:08:33
CVE-2023-38545 vulnerabilities
2024-06-29 09:08:33
freebsd
freebsd
curl -- SOCKS5 heap buffer overflow
2023-09-30 00:00:00
veeam
veeam
Vulnerability Scanner Detection Related to CVE-2023-38545
2023-12-12 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2379
2024-03-26 11:18:17
ics
ics
Siemens RUGGEDCOM APE1808
2024-03-14 12:00:00
Rockwell Automation FactoryTalk Activation
2024-01-04 12:00:00
kaspersky
kaspersky
KLA61541 Multiple vulnerabilities in Microsoft Windows
2023-10-19 00:00:00