Organizations using cURL and libcurl are urged to apply the patches in cURL 8.4.0 to mitigate the vulnerability that potentially impacts all software projects relying on libcurl.

Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk

The maintainers of the cURL data transfer project have released patches for a severe memory corruption vulnerability. The bug, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL and can be exploited remotely. The flaw exists in the libcurl library and allows an attacker to trigger a heap buffer overflow. It is considered the worst security problem in libcurl in a long time. The issue has been fixed in cURL 8.4.0, and organizations are urged to apply the patches. The vulnerability potentially impacts all projects relying on libcurl.


