Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk
The maintainers of the cURL data transfer project have released patches for a severe memory corruption vulnerability. The bug, tracked as CVE-2023-38545, affects cURL's SOCKS5 proxy handshake and can be exploited remotely. The flaw is in the libcurl library, where an attacker can trigger a heap buffer overflow. It is considered the worst security problem in libcurl in a long time. The issue has been fixed in cURL 8.4.0, and organizations are urged to apply the patches. The vulnerability potentially impacts all projects relying on libcurl.