curl: heap based buffer overflow in the SOCKS5 proxy handshake

A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then...

CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...

SOCKS5 heap buffer overflow (CVE-2023-38545)

When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes.If the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer and larger than 255 bytes. The local variable socks5resolvelocal could get the wrong value during a slow SOCKS5 handshak...

Heap-based Buffer Overflow

Overview curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer and larger than 255 bytes. The local variable...

Nylon DoS

Closing client socket during SOCKS5 handshake causes server to hang with 100 CPU usage...