Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2023-2287
HistoryOct 10, 2023 - 9:19 p.m.

Important: curl

2023-10-1021:19:00
alas.aws.amazon.com
22
buffer overflow
socks5 proxy
cookies
libcurl
security issue

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

Issue Overview:

An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code.

When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its default behavior is to pass the hostname to the proxy and allow it to perform the resolution. In cases where the hostname is greater than 255 characters in length, curl will instead attempt to perform the resolution locally and then pass the resolved IP to the proxy for its use. Due to an issue in the curl source code, the logic that determines whether curl should resolve the name locally or pass it to the proxy for resolution could make an incorrect decision when a slow SOCKS5 handshake occurs. If this occurs, curl may inadvertently copy an excessively long host name, rather than the resolved address, into the target buffer being prepared for transmission to the proxy, resulting in a buffer overflow. (CVE-2023-38545)

An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curl_easy_duphandle(), is used to duplicate the easy_handle associated with a transfer. If a duplicated transfer’s easy_handle has cookies enabled when it is duplicated, the cookie-enabled state is cloned but the actual cookies are not. If the source easy_handle didn’t read cookies from disk, the cloned easy_handle will attempt to read cookies from a file named ‘none’ in the local directory, potentially allowing arbitrary cookies to be loaded. (CVE-2023-38546)

Affected Packages:

curl

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update curl to update your system.

New Packages:

aarch64:  
    curl-8.3.0-1.amzn2.0.4.aarch64  
    libcurl-8.3.0-1.amzn2.0.4.aarch64  
    libcurl-devel-8.3.0-1.amzn2.0.4.aarch64  
    curl-debuginfo-8.3.0-1.amzn2.0.4.aarch64  
  
i686:  
    curl-8.3.0-1.amzn2.0.4.i686  
    libcurl-8.3.0-1.amzn2.0.4.i686  
    libcurl-devel-8.3.0-1.amzn2.0.4.i686  
    curl-debuginfo-8.3.0-1.amzn2.0.4.i686  
  
src:  
    curl-8.3.0-1.amzn2.0.4.src  
  
x86_64:  
    curl-8.3.0-1.amzn2.0.4.x86_64  
    libcurl-8.3.0-1.amzn2.0.4.x86_64  
    libcurl-devel-8.3.0-1.amzn2.0.4.x86_64  
    curl-debuginfo-8.3.0-1.amzn2.0.4.x86_64

Additional References

Red Hat: CVE-2023-38545, CVE-2023-38546

Mitre: CVE-2023-38545, CVE-2023-38546

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64curl< 8.3.0-1.amzn2.0.4curl-8.3.0-1.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64libcurl< 8.3.0-1.amzn2.0.4libcurl-8.3.0-1.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64libcurl-devel< 8.3.0-1.amzn2.0.4libcurl-devel-8.3.0-1.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64curl-debuginfo< 8.3.0-1.amzn2.0.4curl-debuginfo-8.3.0-1.amzn2.0.4.aarch64.rpm
Amazon Linux2i686curl< 8.3.0-1.amzn2.0.4curl-8.3.0-1.amzn2.0.4.i686.rpm
Amazon Linux2i686libcurl< 8.3.0-1.amzn2.0.4libcurl-8.3.0-1.amzn2.0.4.i686.rpm
Amazon Linux2i686libcurl-devel< 8.3.0-1.amzn2.0.4libcurl-devel-8.3.0-1.amzn2.0.4.i686.rpm
Amazon Linux2i686curl-debuginfo< 8.3.0-1.amzn2.0.4curl-debuginfo-8.3.0-1.amzn2.0.4.i686.rpm
Amazon Linux2x86_64curl< 8.3.0-1.amzn2.0.4curl-8.3.0-1.amzn2.0.4.x86_64.rpm
Amazon Linux2x86_64libcurl< 8.3.0-1.amzn2.0.4libcurl-8.3.0-1.amzn2.0.4.x86_64.rpm
Rows per page:
1-10 of 121

Related

nessus 57
openvas 30
osv 12
aix 1
almalinux 3
debian 2
slackware 1
ubuntu 3
fedora 3
thn 2
oraclelinux 2
cloudfoundry 2
redos 1
redhat 11
qualysblog 1
ibm 9
paloalto 1
cisco 1
mageia 1
rocky 2
photon 3
debiancve 2
cbl_mariner 8
githubexploit 7
prion 2
wizblog 1
redhatcve 2
f5 2
mscve 1
hackerone 4
cve 2
broadcom 1
ubuntucve 2
cnvd 1
veracode 2
wolfi 2
alpinelinux 2
cloudlinux 1
cgr 2
rosalinux 1
veeam 1
freebsd 1
ics 2
kaspersky 1
apple 1
nessus
nessus
EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-3294)
2024-01-16 00:00:00
Fedora 37 : curl (2023-fef2b8da32)
2023-10-27 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2023:4044-1)
2023-10-13 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1079)
2024-01-09 00:00:00
Slackware: Security Advisory (SSA:2023-284-01)
2023-10-12 00:00:00
Fedora: Security Advisory for curl (FEDORA-2023-0f8d1871d8)
2023-10-17 00:00:00
osv
osv
Important: curl security update
2023-11-07 00:00:00
Important: curl security update
2023-10-17 00:00:00
curl vulnerabilities
2023-10-17 11:22:48
aix
aix
Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 13:22:02
almalinux
almalinux
Important: curl security update
2023-11-07 00:00:00
Important: curl security update
2023-10-17 00:00:00
Moderate: curl security and bug fix update
2024-04-02 00:00:00
debian
debian
[SECURITY] [DSA 5523-1] curl security update
2023-10-11 06:59:12
[SECURITY] [DLA 3613-1] curl security update
2023-10-11 11:49:26
slackware
slackware
[slackware-security] curl
2023-10-11 06:45:13
ubuntu
ubuntu
curl vulnerabilities
2023-10-17 00:00:00
curl vulnerabilities
2023-10-11 00:00:00
curl vulnerability
2023-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37
2023-10-28 01:25:37
[SECURITY] Fedora 38 Update: curl-8.0.1-5.fc38
2023-10-14 01:32:18
[SECURITY] Fedora 39 Update: curl-8.2.1-3.fc39
2023-10-16 15:27:49
thn
thn
Security Patch for Two New Flaws in Curl Library Arriving on October 11
2023-10-09 10:32:00
Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
2023-10-12 04:39:00
oraclelinux
oraclelinux
curl security update
2023-11-16 00:00:00
curl security update
2023-10-18 00:00:00
cloudfoundry
cloudfoundry
USN-6429-1: curl vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
USN-6429-2: curl vulnerability | Cloud Foundry
2023-12-04 00:00:00
redos
redos
ROS-20231016-05
2023-10-16 00:00:00
redhat
redhat
(RHSA-2023:5700) Important: curl security update
2023-10-13 21:38:55
(RHSA-2023:5763) Important: curl security update
2023-10-17 08:40:49
(RHSA-2023:6745) Important: curl security update
2023-11-07 10:08:50
qualysblog
qualysblog
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
2023-10-06 00:14:06
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libcurl vulnerabilities (CVE-2023-38546, CVE-2023-38545)
2023-11-17 12:13:59
Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)
2023-11-20 15:27:29
Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 20:15:23
paloalto
paloalto
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
2023-10-12 20:40:00
cisco
cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
2023-10-12 16:00:00
mageia
mageia
Updated the curl packages to fix two security vulnerabilities
2023-10-14 01:56:51
rocky
rocky
curl security update
2023-10-24 18:36:52
curl security and bug fix update
2024-04-05 14:55:53
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0667
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0487
2023-10-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0113
2023-10-11 00:00:00
debiancve
debiancve
CVE-2023-38545
2023-10-18 04:15:11
CVE-2023-38546
2023-10-18 04:15:11
cbl_mariner
cbl_mariner
CVE-2023-38545 affecting package curl for versions less than 8.3.0-2
2023-10-12 19:11:35
CVE-2023-38545 affecting package cmake for versions less than 3.21.4-10
2023-10-21 15:00:39
CVE-2023-38546 affecting package curl for versions less than 8.3.0-2
2023-10-12 19:11:35
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Haxx Libcurl
2024-03-19 13:45:09
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-12 16:48:26
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-12 07:39:15
prion
prion
Heap overflow
2023-10-18 04:15:00
Design/Logic Flaw
2023-10-18 04:15:00
wizblog
wizblog
CVE-2023-38545 high severity vulnerability in cURL: everything you need to know
2023-10-11 16:56:35
redhatcve
redhatcve
CVE-2023-38546
2023-10-11 13:11:32
CVE-2023-38545
2023-10-11 07:12:30
f5
f5
K000137211 : cURL vulnerabilities CVE-2023-38546
2023-10-11 00:00:00
K000137257 : cURL vulnerabilities CVE-2023-38545
2023-10-17 00:00:00
mscve
mscve
Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow
2023-10-19 07:00:00
hackerone
hackerone
curl: CVE-2023-38545: socks5 heap buffer overflow
2023-09-30 08:26:30
curl: CVE-2023-38546: cookie injection with none file
2023-09-14 14:58:50
Internet Bug Bounty: [CVE-2023-38546] cookie injection with none file
2023-10-19 10:01:36
cve
cve
CVE-2023-38546
2023-10-18 04:15:11
CVE-2023-38545
2023-10-18 04:15:11
broadcom
broadcom
SOCKS5 heap buffer overflow (CVE-2023-38545)
2023-10-16 00:00:00
ubuntucve
ubuntucve
CVE-2023-38545
2023-10-11 00:00:00
CVE-2023-38546
2023-10-11 00:00:00
cnvd
cnvd
cURL SOCKS5 Heap Overflow Vulnerability
2023-10-11 00:00:00
veracode
veracode
Cookie Injection
2023-10-12 08:53:47
Heap Buffer Overflow
2023-10-11 14:40:13
wolfi
wolfi
CVE-2023-38546 vulnerabilities
2024-05-13 09:06:53
CVE-2023-38545 vulnerabilities
2024-05-13 09:06:53
alpinelinux
alpinelinux
CVE-2023-38546
2023-10-18 04:15:11
CVE-2023-38545
2023-10-18 04:15:11
cloudlinux
cloudlinux
curl: Fix of CVE-2023-38546
2023-10-16 13:58:12
cgr
cgr
CVE-2023-38546 vulnerabilities
2024-05-13 09:06:52
CVE-2023-38545 vulnerabilities
2024-05-13 09:06:52
rosalinux
rosalinux
Advisory ROSA-SA-2024-2379
2024-03-26 11:18:17
veeam
veeam
Vulnerability Scanner Detection Related to CVE-2023-38545
2023-12-12 00:00:00
freebsd
freebsd
curl -- SOCKS5 heap buffer overflow
2023-09-30 00:00:00
ics
ics
Siemens RUGGEDCOM APE1808
2024-03-14 12:00:00
Rockwell Automation FactoryTalk Activation
2024-01-04 12:00:00
kaspersky
kaspersky
KLA61541 Multiple vulnerabilities in Microsoft Windows
2023-10-19 00:00:00
apple
apple
About the security content of macOS Monterey 12.7.3
2024-01-22 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON
Related for ALAS2-2023-2287
nessus57openvas30osv12aix1almalinux3debian2slackware1ubuntu3fedora3thn2oraclelinux2cloudfoundry2redos1redhat11qualysblog1ibm9paloalto1cisco1mageia1rocky2photon3debiancve2cbl_mariner8githubexploit7prion2wizblog1redhatcve2f52mscve1hackerone4cve2broadcom1ubuntucve2cnvd1veracode2wolfi2alpinelinux2cloudlinux1cgr2rosalinux1veeam1freebsd1ics2kaspersky1apple1