Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
šŸ”„ Daily Hot!
šŸ’ŖšŸ½ CPE Enhanced Advisories
šŸ•¶ Shadow Exploits
šŸ•µšŸ¼ Vulners CPE
šŸ” Security news
šŸ’» Exploit updates
šŸ“‘ Blogs review
šŸ§ Linux vulnerabilities
šŸž Bugbounty
šŸ¤– AI High Score
šŸ“° CVE Feed
show all

6 matches found

Tenable Nessus
Tenable Nessusā€¢added 2024/06/26 12:0 a.m.ā€¢30 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6)

The version of AOS installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6 advisory. - CVE-2023-38546 is a cookie injection vulnerability in the curleasyduphandle, a function in libcurl that duplicates easy handles...

9.8CVSS8.2AI score0.84554EPSS
Exploits22References14
RedHat Linux
RedHat Linuxā€¢added 2023/11/07 10:27 a.m.ā€¢3 views

curl: heap based buffer overflow in the SOCKS5 proxy handshake

A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then...

9.8CVSS7AI score0.2625EPSS
Exploits6References5
OSV
OSVā€¢added 2023/10/24 6:36 p.m.ā€¢36 views

RLSA-2023:5763 Important: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 curl: cookie injection with none file...

9.8CVSS8.8AI score0.2625EPSS
Exploits6References3
CVE
CVEā€¢added 2023/10/18 3:52 a.m.ā€¢1114 views

CVE-2023-38545

CVE-2023-38545 is a heap-based buffer overflow in curl/libcurl during SOCKS5 proxy hostname handling. When a long host name (over 255 bytes) is passed for proxy resolution, curl may copy the full hostname into the target buffer due to a race in a slow handshake, enabling arbitrary code execution....

9.8CVSS9.4AI score0.2625EPSS
Exploits6References21Affected Software1
Tenable Nessus
Tenable Nessusā€¢added 2023/10/11 12:0 a.m.ā€¢108 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-377)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-377 advisory. An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code. When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its...

9.8CVSS8AI score0.2625EPSS
Exploits6References6
FreeBSD
FreeBSDā€¢added 2023/09/30 12:0 a.m.ā€¢39 views

curl -- SOCKS5 heap buffer overflow

The curl team reports: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255...

9.8CVSS7AI score0.2625EPSS
Exploits6References1
Rows per page
Query Builder