FG-IR-23-385: Curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities
First published: Sat Oct 12 2024(Updated: )
CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to "let the host resolve the name" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.https://curl.se/docs/CVE-2023-38545.html## CVE-2023-38546: severity LOW (affects libcurl only, not the tool)A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.https://curl.se/docs/CVE-2023-38546.html
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiExtender Firmware | >=7.4.0<=7.4.1 | |
| Fortinet FortiExtender Firmware | >=7.2.0<=7.2.3 | |
| Fortinet FortiOS | >=7.4.0<=7.4.1 | |
| Fortinet FortiOS | >=7.2.0<=7.2.6 | |
| Fortinet FortiOS | >=7.0.1<=7.0.13 | |
| Fortinet FortiProxy | >=7.4.0<=7.4.1 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.7 | |
| Fortinet FortiProxy | >=7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-38545?
The severity of CVE-2023-38545 is rated as HIGH.
How do I fix CVE-2023-38545?
To fix CVE-2023-38545, update to the latest version of libcurl that addresses the buffer overflow vulnerability.
Which software does CVE-2023-38545 affect?
CVE-2023-38545 affects both libcurl and the curl tool.
What kind of vulnerability is CVE-2023-38545?
CVE-2023-38545 is a heap-based buffer overflow flaw found in the SOCKS5 proxy handshake.
What happens if CVE-2023-38545 is exploited?
Exploitation of CVE-2023-38545 can potentially allow attackers to execute arbitrary code due to the buffer overflow.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/softwarecombine
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2023-38545
- alias/CVE-2023-38546
- agent/last-modified-date
- agent/first-publish-date
- agent/title
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/fortiguard-psirt
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortiextender firmware
- version/fortinet fortiextender firmware/7.4.0
- version/fortinet fortiextender firmware/7.4.1
- version/fortinet fortiextender firmware/7.2.0
- version/fortinet fortiextender firmware/7.2.3
- canonical/fortinet fortios
- version/fortinet fortios/7.4.0
- version/fortinet fortios/7.4.1
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.6
- version/fortinet fortios/7.0.1
- version/fortinet fortios/7.0.13
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/7.4.0
- version/fortinet fortiproxy/7.4.1
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.7
- version/fortinet fortiproxy/7.0