CVE-2023-38545

🗓️ 18 Oct 2023 03:52:00Reported by hackeroneType

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 1115 Views

CVE-2023-38545: Heap buffer overflow in curl SOCKS5 handshak

Reporter	Title	Published	Views	Family All 429
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)	20 Nov 202315:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware	15 Apr 202502:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.	13 Mar 202414:31	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)	14 Nov 202322:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V	18 Jun 202422:03	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, Linux kernel might affect IBM Spectrum Protect Plus	24 Sep 202405:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities	26 Sep 202413:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX	11 Dec 202320:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management	14 Jun 202416:27	–	ibm

NVD

Vulners

Vulnrichment

Node

haxx libcurlRange7.69.0–8.4.0

Node

fedoraproject fedoraMatch37

Node

netapp active_iq_unified_managerMatch-vmware_vsphere

netapp active_iq_unified_managerMatch-windows

netapp oncommand_insightMatch-

netapp oncommand_workflow_automationMatch-

Node

microsoft windows_10_1809Range<10.0.17763.5122

microsoft windows_10_21h2Range<10.0.19044.3693

microsoft windows_10_22h2Range<10.0.19045.3693

microsoft windows_11_21h2Range<10.0.22000.2600

microsoft windows_11_22h2Range<10.0.22621.2715

microsoft windows_11_23h2Range<10.0.22631.2715

microsoft windows_server_2019Range<10.0.17763.5122

microsoft windows_server_2022Range<10.0.20348.2113

[
  {
    "vendor": "curl",
    "product": "curl",
    "versions": [
      {
        "version": "8.4.0",
        "status": "affected",
        "lessThan": "8.4.0",
        "versionType": "semver"
      },
      {
        "version": "7.69.0",
        "status": "unaffected",
        "lessThan": "7.69.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
support	www.support.apple.com/kb/HT214063
curl	www.curl.se/docs/CVE-2023-38545.html
secpod	www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/
support	www.support.apple.com/kb/HT214036
support	www.support.apple.com/kb/HT214058
seclists	www.seclists.org/fulldisclosure/2024/Jan/34
seclists	www.seclists.org/fulldisclosure/2024/Jan/37
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
seclists	www.seclists.org/fulldisclosure/2024/Jan/38
forum	www.forum.vmssoftware.com/viewtopic.php

12 May 2026 11:16Current

9.4High risk

Vulners AI Score9.4

CVSS 3.18.8 - 9.8

EPSS0.2625

SSVC

CWE-787