PT-2023-5886 · Libcurl +13 · Libcurl +13

🗓️ 30 Sep 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity🔗 dbugs.ptsecurity.com👁 2 Views

Libcurl before 8.4.0 may load cookies from a file named none when duplicating an easy handle; upgrade.

Reporter	Title	Published	Views	Family All 992
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, and Base Module affected by multiple vulnerabilities (CVE-2023-28322, CVE-2023-28320, CVE-2023-28319, CVE-2023-28321)	2 Oct 202316:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)	20 Nov 202315:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware	15 Apr 202502:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to the Insertion of Sensitive Information Into Sent Data in the RHEL UBI (CVE-2023-46218)	5 Aug 202420:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	24 Jul 202317:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.	13 Mar 202414:31	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to curl (CVE-2023-27536, CVE-2023-28321)	8 Jul 202417:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-28322)	19 Jan 202422:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)	14 Nov 202322:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V	18 Jun 202422:03	–	ibm

Source	Link
github	www.github.com/d0rb/CVE-2023-38545
github	www.github.com/UTsweetyfish/CVE-2023-38545
github	www.github.com/imfht/CVE-2023-38545
github	www.github.com/fatmo666/CVE-2023-38545-libcurl-SOCKS5-heap-buffer-overflow
github	www.github.com/vanigori/CVE-2023-38545-sample
github	www.github.com/bcdannyboy/CVE-2023-38545
ubuntu	www.ubuntu.com/security/notices/USN-6429-3
safe-surf	www.safe-surf.ru/specialists/bulletins-nkcki/705879
ubuntu	www.ubuntu.com/security/CVE-2023-38545
bdu	www.bdu.fstec.ru/vul/2023-02895

09 Jul 2024 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 27.6

CVSS 3.18.8 - 9.8

EPSS0.26747

SSVC