The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546) that were disclosed on October 11, 2023 as they relate to our products.
At this time, there are no demonstrated scenarios that enable successful exploitation of these vulnerabilities in our products.
Work around:
Customers with a Threat Prevention subscription can block attacks for CVE-2023-38545 by enabling Threat ID 94436 (Applications and Threats content update 8764).