CVE-ID: CVE-2023-38545
BDU-ID: 2023-06576
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the SOCKS5 protocol implementation of the cURL command line utility is related to an operation exceeding buffer boundaries in memory when processing hostname length. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update curl

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchcurl< 8.4.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ROSA	any	noarch	curl	< 8.4.0	UNKNOWN

nessus 60

debiancve 1

cbl_mariner 4

githubexploit 7

ibm 12

osv 7

mscve 1

hackerone 2

f5 1

broadcom 1

ubuntucve 1

cnvd 1

wizblog 1

prion 1

redhat 26

veeam 1

veracode 1

redhatcve 1

alpinelinux 1

freebsd 2

cgr 1

wolfi 1

cve 1

oraclelinux 2

openvas 26

cloudfoundry 1

fedora 3

redos 1

qualysblog 2

thn 3

ubuntu 2

paloalto 1

almalinux 2

cisco 1

mageia 1

rocky 1

ics 2

aix 1

amazon 1

slackware 1

debian 1

kaspersky 1

photon 3

apple 2

avleonov 1

gentoo 1

mskb 4

nessus

CentOS 9 : curl-7.76.1-28.el9

2024-02-29 00:00:00

libcurl 7.69 < 8.4.0 Heap Buffer Overflow

2023-10-11 00:00:00

FreeBSD : curl -- SOCKS5 heap buffer overflow (d6c19e8c-6806-11ee-9464-b42e991fc52e)

2023-10-11 00:00:00

debiancve

CVE-2023-38545

2023-10-18 04:15:11

cbl_mariner

CVE-2023-38545 affecting package curl for versions less than 8.3.0-2

2023-10-12 19:11:35

CVE-2023-38545 affecting package cmake for versions less than 3.21.4-10

2023-10-21 15:00:39

CVE-2023-38545 affecting package tensorflow for versions less than 2.16.1-1

2024-04-17 22:02:46

githubexploit

Exploit for Out-of-bounds Write in Haxx Libcurl

2024-03-19 13:45:09

Exploit for Out-of-bounds Write in Haxx Libcurl

2023-10-16 10:04:19

Exploit for Out-of-bounds Write in Haxx Libcurl

2023-10-17 09:03:15

ibm

Security Bulletin: IBM Storage Ceph is vulnerable to Out-of-bounds Write in the RHEL UBI (CVE-2023-38545)

2024-01-19 22:15:10

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libcurl vulnerabilities (CVE-2023-38546, CVE-2023-38545)

2023-11-17 12:13:59

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.

2024-03-13 14:31:39

osv

CVE-2023-38545

2023-10-18 04:15:11

curl vulnerabilities

2023-10-17 11:22:48

Important: curl security update

2023-10-24 18:36:52

mscve

Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow

2023-10-19 07:00:00

hackerone

curl: CVE-2023-38545: socks5 heap buffer overflow

2023-09-30 08:26:30

curl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet

2023-10-10 04:25:20

K000137257 : cURL vulnerabilities CVE-2023-38545

2023-10-17 00:00:00

broadcom

SOCKS5 heap buffer overflow (CVE-2023-38545)

2023-10-16 00:00:00

ubuntucve

CVE-2023-38545

2023-10-11 00:00:00

cnvd

cURL SOCKS5 Heap Overflow Vulnerability

2023-10-11 00:00:00

wizblog

CVE-2023-38545 high severity vulnerability in cURL: everything you need to know

2023-10-11 16:56:35

prion

Heap overflow

2023-10-18 04:15:00

redhat

(RHSA-2024:2011) Important: Satellite Client Async Security Update

2024-04-23 17:14:55

(RHSA-2023:5700) Important: curl security update

2023-10-13 21:38:55

(RHSA-2023:5763) Important: curl security update

2023-10-17 08:40:49

veeam

Vulnerability Scanner Detection Related to CVE-2023-38545

2023-12-12 00:00:00

veracode

Heap Buffer Overflow

2023-10-11 14:40:13

redhatcve

CVE-2023-38545

2023-10-11 07:12:30

alpinelinux

CVE-2023-38545

2023-10-18 04:15:11

freebsd

curl -- SOCKS5 heap buffer overflow

2023-09-30 00:00:00

MySQL -- Multiple vulnerabilities

2023-10-17 00:00:00

cgr

CVE-2023-38545 vulnerabilities

2024-05-13 03:11:19

wolfi

CVE-2023-38545 vulnerabilities

2024-05-13 03:06:53

cve

CVE-2023-38545

2023-10-18 04:15:11

oraclelinux

curl security update

2023-11-16 00:00:00

curl security update

2023-10-18 00:00:00

openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1055)

2024-01-09 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1376)

2024-03-14 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1005)

2024-01-05 00:00:00

cloudfoundry

USN-6429-1: curl vulnerabilities | Cloud Foundry

2023-11-09 00:00:00

fedora

[SECURITY] Fedora 39 Update: curl-8.2.1-3.fc39

2023-10-16 15:27:49

[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37

2023-10-28 01:25:37

[SECURITY] Fedora 38 Update: curl-8.0.1-5.fc38

2023-10-14 01:32:18

redos

ROS-20231016-05

2023-10-16 00:00:00

qualysblog

Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets

2023-10-06 00:14:06

Oracle Patch Update, January 2024 Security Update Review

2024-01-17 15:29:33

thn

Security Patch for Two New Flaws in Curl Library Arriving on October 11

2023-10-09 10:32:00

Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released

2023-10-12 04:39:00

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

2023-11-15 05:46:00

ubuntu

curl vulnerabilities

2023-10-11 00:00:00

curl vulnerabilities

2023-10-17 00:00:00

paloalto

Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)

2023-10-12 20:40:00

almalinux

Important: curl security update

2023-10-17 00:00:00

Important: curl security update

2023-11-07 00:00:00

cisco

cURL and libcurl Vulnerability Affecting Cisco Products: October 2023

2023-10-12 16:00:00

mageia

Updated the curl packages to fix two security vulnerabilities

2023-10-14 01:56:51

rocky

curl security update

2023-10-24 18:36:52

ics

Rockwell Automation FactoryTalk Activation

2024-01-04 12:00:00

Siemens RUGGEDCOM APE1808

2024-03-14 12:00:00

aix

Multiple vulnerabilities in cURL libcurl affect AIX

2023-12-11 13:22:02

amazon

Important: curl

2023-10-10 21:19:00

slackware

[slackware-security] curl

2023-10-11 06:45:13

debian

[SECURITY] [DSA 5523-1] curl security update

2023-10-11 06:58:41

kaspersky

KLA61541 Multiple vulnerabilities in Microsoft Windows

2023-10-19 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0113

2023-10-11 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0667

2023-10-11 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0487

2023-10-11 00:00:00

apple

About the security content of macOS Monterey 12.7.3

2024-01-22 00:00:00

About the security content of macOS Ventura 13.6.4

2024-01-22 00:00:00

avleonov

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

2023-11-05 18:39:59

gentoo

curl: Multiple Vulnerabilities

2023-10-11 00:00:00

mskb

November 14, 2023—KB5032189 (OS Builds 19044.3693 and 19045.3693)

2024-02-20 08:00:00

November 14, 2023—KB5032196 (OS Build 17763.5122)

2024-02-20 08:00:00

November 14, 2023—KB5032192 (OS Build 22000.2600)

2024-02-20 08:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for ROSA-SA-2024-2379