CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.003 Low
Percentile: 70.7%
curl is vulnerable to a heap buffer overflow in its SOCKS5 proxy handshake. If the hostname is longer than 255 bytes, curl switches to local name resolution and passes the resolved address to the proxy. If the SOCKS5 handshake is slow, the long hostname is copied directly into the buffer, resulting in a heap buffer overflow and possible arbitrary code execution.
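The bounds check this class of bug calls for, as an added example (not curl's code and not taken from this advisory): a SOCKS5 CONNECT request carries the hostname behind a one-byte length field, so the builder below rejects anything over 255 bytes and verifies the output buffer size in the same function that performs the copy. The function, enum and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS5 address type 0x03 (domain name) prefixes the name with ONE length
 * byte, so a hostname longer than 255 bytes cannot be encoded at all. */
#define SOCKS5_MAX_HOSTNAME 255

enum socks5_rc { SOCKS5_HOST_TOO_LONG = -1, SOCKS5_BUF_TOO_SMALL = -2 };

/* Hypothetical helper: writes a CONNECT request for host:port into out.
 * Returns the number of bytes written, or a negative socks5_rc on refusal.
 * Both checks run immediately before the copy, so no earlier decision in a
 * multi-step handshake can leave the memcpy unguarded. */
int socks5_build_connect(uint8_t *out, size_t outlen,
                         const char *host, uint16_t port)
{
    size_t hlen = strlen(host);
    if (hlen > SOCKS5_MAX_HOSTNAME)
        return SOCKS5_HOST_TOO_LONG;      /* fail closed, never truncate */

    size_t need = 4 + 1 + hlen + 2;       /* header + len byte + name + port */
    if (need > outlen)
        return SOCKS5_BUF_TOO_SMALL;

    out[0] = 0x05;                        /* VER: SOCKS5 */
    out[1] = 0x01;                        /* CMD: CONNECT */
    out[2] = 0x00;                        /* RSV */
    out[3] = 0x03;                        /* ATYP: domain name */
    out[4] = (uint8_t)hlen;               /* safe: hlen <= 255 checked above */
    memcpy(out + 5, host, hlen);
    out[5 + hlen] = (uint8_t)(port >> 8); /* port, network byte order */
    out[6 + hlen] = (uint8_t)(port & 0xff);
    return (int)need;
}

int main(void)
{
    uint8_t buf[262];                     /* 4 + 1 + 255 + 2: largest request */
    char longhost[301];                   /* constructed 300-byte hostname */
    memset(longhost, 'a', 300);
    longhost[300] = '\0';

    printf("normal host: %d\n", socks5_build_connect(buf, sizeof buf, "example.com", 443));
    printf("300-byte host: %d\n", socks5_build_connect(buf, sizeof buf, longhost, 443));
    return 0;
}
```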
seclists.org/fulldisclosure/2024/Jan/34
seclists.org/fulldisclosure/2024/Jan/37
seclists.org/fulldisclosure/2024/Jan/38
curl.se/docs/CVE-2023-38545.html
daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147
github.com/curl/curl/releases/tag/curl-8_4_0
hackerone.com/reports/2187833
lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
security.netapp.com/advisory/ntap-20231027-0009/
security.netapp.com/advisory/ntap-20240201-0005/
support.apple.com/kb/HT214036
support.apple.com/kb/HT214057
support.apple.com/kb/HT214058
support.apple.com/kb/HT214063
www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/