
Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution.
The list of vulnerabilities is as follows –
- CVE-2023-38545 (CVSS score: 7.5) – SOCKS5 heap-based buffer overflow vulnerability
- CVE-2023-38546 (CVSS score: 5.0) – Cookie injection with none file
CVE-2023-38545 is the more severe of the two, and has been described by the project’s lead developer, Daniel Stenberg, as “probably the worst Curl security flaw in a long time.” It affects libcurl versions 7.69.0 up to and including 8.3.0.
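To check collected `curl --version` output against the affected range quoted above, the following added example (not from the original article or the curl project) reads the `libcurl/x.y.z` token rather than the tool's own version, since the two can differ. The host names and banners are constructed samples, and the function names are hypothetical.

```python
import re
import subprocess

# Affected range as stated on this page: libcurl 7.69.0 up to and including 8.3.0.
FIRST_AFFECTED = (7, 69, 0)
LAST_AFFECTED = (8, 3, 0)

_LIBCURL_RE = re.compile(r"\blibcurl/(\d+)\.(\d+)\.(\d+)")


def libcurl_version(banner):
    """Return (major, minor, patch) from `curl --version` output, or None."""
    m = _LIBCURL_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def in_affected_range(version):
    """True when the upstream version number falls inside the affected range."""
    return FIRST_AFFECTED <= version <= LAST_AFFECTED


def triage(banners):
    """Map host -> 'affected' | 'not affected' | 'unknown' for CVE-2023-38545."""
    result = {}
    for host, banner in banners.items():
        version = libcurl_version(banner)
        if version is None:
            result[host] = "unknown"  # no libcurl token: needs a manual look
        elif in_affected_range(version):
            result[host] = "affected"
        else:
            result[host] = "not affected"
    return result


# Constructed sample banners (not taken from real hosts).
SAMPLE_BANNERS = {
    "build-01": "curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 OpenSSL/3.0.10 zlib/1.2.13",
    "web-02": "curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.11 zlib/1.2.13",
    "legacy-03": "curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11",
    "appliance-04": "curl: command not found",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {status}")
    try:
        out = subprocess.run(["curl", "--version"], capture_output=True, text=True).stdout
        print("local:", triage({"local": out})["local"])
    except FileNotFoundError:
        print("local: curl not installed")
```

An "affected" result based on the version number alone should be confirmed against the vendor's advisory, because distribution packages may carry a backported fix under an unchanged upstream version.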