cURL is a network data transfer project. Usually when we say cURL, we mean the cURL command line tool. cURL’s underlying use is the libcurl library. A heap overflow vulnerability exists in cURL SOCKS5, which can be exploited by an attacker to construct a malicious hostname and cause code execution.

CPENameOperatorVersion
curl libcurl >=7.69.0，le8.3.0

CPE	Name	Operator	Version
	curl libcurl >=7.69.0，	le	8.3.0

nessus 60

debiancve 1

cbl_mariner 4

githubexploit 7

ibm 12

osv 7

mscve 1

hackerone 2

f5 1

broadcom 1

ubuntucve 1

wizblog 1

prion 1

redhat 26

rosalinux 1

veeam 1

veracode 1

redhatcve 1

alpinelinux 1

freebsd 2

wolfi 1

cgr 1

cve 1

oraclelinux 2

openvas 26

cloudfoundry 1

fedora 3

redos 1

qualysblog 2

thn 3

ubuntu 2

paloalto 1

almalinux 2

cisco 1

mageia 1

rocky 1

ics 2

aix 1

amazon 1

slackware 1

debian 1

kaspersky 1

photon 3

apple 2

avleonov 1

gentoo 1

mskb 4

nessus

CentOS 9 : curl-7.76.1-28.el9

2024-02-29 00:00:00

libcurl 7.69 < 8.4.0 Heap Buffer Overflow

2023-10-11 00:00:00

FreeBSD : curl -- SOCKS5 heap buffer overflow (d6c19e8c-6806-11ee-9464-b42e991fc52e)

2023-10-11 00:00:00

debiancve

CVE-2023-38545

2023-10-18 04:15:11

cbl_mariner

CVE-2023-38545 affecting package curl for versions less than 8.3.0-2

2023-10-12 19:11:35

CVE-2023-38545 affecting package cmake for versions less than 3.21.4-10

2023-10-21 15:00:39

CVE-2023-38545 affecting package tensorflow for versions less than 2.16.1-1

2024-04-17 22:02:46

githubexploit

Exploit for Out-of-bounds Write in Haxx Libcurl

2024-03-19 13:45:09

Exploit for Out-of-bounds Write in Haxx Libcurl

2023-10-16 10:04:19

Exploit for Out-of-bounds Write in Haxx Libcurl

2023-10-17 09:03:15

ibm

Security Bulletin: IBM Storage Ceph is vulnerable to Out-of-bounds Write in the RHEL UBI (CVE-2023-38545)

2024-01-19 22:15:10

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libcurl vulnerabilities (CVE-2023-38546, CVE-2023-38545)

2023-11-17 12:13:59

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.

2024-03-13 14:31:39

osv

CVE-2023-38545

2023-10-18 04:15:11

curl vulnerabilities

2023-10-17 11:22:48

Important: curl security update

2023-10-24 18:36:52

mscve

Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow

2023-10-19 07:00:00

hackerone

curl: CVE-2023-38545: socks5 heap buffer overflow

2023-09-30 08:26:30

curl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet

2023-10-10 04:25:20

K000137257 : cURL vulnerabilities CVE-2023-38545

2023-10-17 00:00:00

broadcom

SOCKS5 heap buffer overflow (CVE-2023-38545)

2023-10-16 00:00:00

ubuntucve

CVE-2023-38545

2023-10-11 00:00:00

wizblog

CVE-2023-38545 high severity vulnerability in cURL: everything you need to know

2023-10-11 16:56:35

prion

Heap overflow

2023-10-18 04:15:00

redhat

(RHSA-2024:2011) Important: Satellite Client Async Security Update

2024-04-23 17:14:55

(RHSA-2023:5700) Important: curl security update

2023-10-13 21:38:55

(RHSA-2023:5763) Important: curl security update

2023-10-17 08:40:49

rosalinux

Advisory ROSA-SA-2024-2379

2024-03-26 11:18:17

veeam

Vulnerability Scanner Detection Related to CVE-2023-38545

2023-12-12 00:00:00

veracode

Heap Buffer Overflow

2023-10-11 14:40:13

redhatcve

CVE-2023-38545

2023-10-11 07:12:30

alpinelinux

CVE-2023-38545

2023-10-18 04:15:11

freebsd

curl -- SOCKS5 heap buffer overflow

2023-09-30 00:00:00

MySQL -- Multiple vulnerabilities

2023-10-17 00:00:00

wolfi

CVE-2023-38545 vulnerabilities

2024-05-13 09:06:53

cgr

CVE-2023-38545 vulnerabilities

2024-05-13 09:06:52

cve

CVE-2023-38545

2023-10-18 04:15:11

oraclelinux

curl security update

2023-11-16 00:00:00

curl security update

2023-10-18 00:00:00

openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1055)

2024-01-09 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1376)

2024-03-14 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1005)

2024-01-05 00:00:00

cloudfoundry

USN-6429-1: curl vulnerabilities | Cloud Foundry

2023-11-09 00:00:00

fedora

[SECURITY] Fedora 39 Update: curl-8.2.1-3.fc39

2023-10-16 15:27:49

[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37

2023-10-28 01:25:37

[SECURITY] Fedora 38 Update: curl-8.0.1-5.fc38

2023-10-14 01:32:18

redos

ROS-20231016-05

2023-10-16 00:00:00

qualysblog

Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets

2023-10-06 00:14:06

Oracle Patch Update, January 2024 Security Update Review

2024-01-17 15:29:33

thn

Security Patch for Two New Flaws in Curl Library Arriving on October 11

2023-10-09 10:32:00

Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released

2023-10-12 04:39:00

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

2023-11-15 05:46:00

ubuntu

curl vulnerabilities

2023-10-11 00:00:00

curl vulnerabilities

2023-10-17 00:00:00

paloalto

Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)

2023-10-12 20:40:00

almalinux

Important: curl security update

2023-10-17 00:00:00

Important: curl security update

2023-11-07 00:00:00

cisco

cURL and libcurl Vulnerability Affecting Cisco Products: October 2023

2023-10-12 16:00:00

mageia

Updated the curl packages to fix two security vulnerabilities

2023-10-14 01:56:51

rocky

curl security update

2023-10-24 18:36:52

ics

Rockwell Automation FactoryTalk Activation

2024-01-04 12:00:00

Siemens RUGGEDCOM APE1808

2024-03-14 12:00:00

aix

Multiple vulnerabilities in cURL libcurl affect AIX

2023-12-11 13:22:02

amazon

Important: curl

2023-10-10 21:19:00

slackware

[slackware-security] curl

2023-10-11 06:45:13

debian

[SECURITY] [DSA 5523-1] curl security update

2023-10-11 06:58:41

kaspersky

KLA61541 Multiple vulnerabilities in Microsoft Windows

2023-10-19 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0113

2023-10-11 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0667

2023-10-11 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0487

2023-10-11 00:00:00

apple

About the security content of macOS Monterey 12.7.3

2024-01-22 00:00:00

About the security content of macOS Ventura 13.6.4

2024-01-22 00:00:00

avleonov

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

2023-11-05 18:39:59

gentoo

curl: Multiple Vulnerabilities

2023-10-11 00:00:00

mskb

November 14, 2023—KB5032189 (OS Builds 19044.3693 and 19045.3693)

2024-02-20 08:00:00

November 14, 2023—KB5032196 (OS Build 17763.5122)

2024-02-20 08:00:00

November 14, 2023—KB5032192 (OS Build 22000.2600)

2024-02-20 08:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.4%

JSON

Related for CNVD-2023-75809