[Early Warning] Serious security vulnerabilities exposed in curl and libcurl libraries

Description:

cURL is a widely used, multi-functional open source command-line tool that uses URL syntax to transfer data and supports a variety of network protocols, including SSL, TLS, HTTP, FTP, and SMTP. libcurl is the library that powers cURL. It is a free client-side URL transfer library that also supports a wide range of protocols. Both are extremely common among developers and system administrators for interacting with APIs, downloading files, and creating automated Internet-based workflows.

cURL and libcurl have a serious security vulnerability, identified as CVE-2023-38545. A severe vulnerability may allow an attacker to execute malicious code or perform other unauthorized operations if certain conditions are met.

Scope of impact:

cURL is a 25-year-old software project and an extremely popular piece of basic software, and libcurl is probably the most popular and widely used HTTP client library in the world, with over 10 billion installations.
It is used by almost every device connected to the internet, including most operating systems, servers, medical devices, printers, and even cars, game consoles, smartwatches, and more.

Affected versions: curl < 8.4.0
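One way to check a host against the version boundary given above, as an added example that is not part of the original advisory. The function names `ver_lt` and `check_banner` are hypothetical, and the sample banners are constructed. The curl tool and the libcurl it loads are reported separately because they can differ on the same machine.

```shell
#!/bin/sh
# Added example (not from the advisory): compare curl and libcurl versions
# against 8.4.0, the fixed release named on this page.
FIXED="8.4.0"

# ver_lt A B: exit 0 when dotted version A is strictly lower than B.
ver_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# check_banner LINE: LINE is the first line of `curl --version`.
# Prints a verdict for the tool and for the library it loaded.
# Returns 0 if both are >= FIXED, 1 if either is lower, 2 if unparsable.
check_banner() {
    tool=$(printf '%s\n' "$1" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p')
    lib=$(printf '%s\n' "$1" | sed -n 's/.* libcurl\/\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$tool" ] || [ -z "$lib" ]; then
        echo "could not parse banner: $1"
        return 2
    fi
    rc=0
    for item in "curl $tool" "libcurl $lib"; do
        ver=${item#* }
        if ver_lt "$ver" "$FIXED"; then
            echo "$item: below $FIXED, update"
            rc=1
        else
            echo "$item: at or above $FIXED"
        fi
    done
    return $rc
}

# Constructed sample banners (not captured from real hosts).
OLD='curl 7.88.1 (x86_64-pc-linux-gnu) libcurl/7.88.1 OpenSSL/3.0.9 zlib/1.2.13'
MIXED='curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.1.2 OpenSSL/3.0.9 zlib/1.2.13'
NEW='curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.11 zlib/1.2.13'

for b in "$OLD" "$MIXED" "$NEW"; do
    check_banner "$b" || true
done
# On a real host: check_banner "$(curl --version | head -n 1)"
```

Distribution packages sometimes backport fixes without changing the upstream version string, so a "below" verdict is a prompt to check the vendor's own advisory. Applications that bundle or statically link their own libcurl do not show up in this banner and need checking separately.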

Vulnerability POC:

None yet

Fix:

This vulnerability will be fixed in cURL 8.4.0, released on October 11th. Please pay attention to

Vulnerability reference:

https://github.com/curl/curl/discussions/12026 

Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/cve-2023-38545-curl-and-libcurl-library-security-vulnerabilities-html
