Curl tool fixes Heap Overflow Vulnerability
Take action: curl's default configuration is not vulnerable; exploitation requires specific parameters. The exploit vector is complex and would probably involve a phishing campaign that delivers a shell script. It is wise to patch curl, but this is not a panic-mode patch.
Learn More
Curl, an essential internet tool, has addressed a significant security flaw which has the potential to lead to remote code execution. This Heap-based Buffer Overflow vulnerability, identified as CVE-2023-38545, was found by Jay Satiro in Curl versions ranging from 7.69.0 to 8.3.0. The vulnerability arises due to a heap overflow when using a SOCKS5 proxy with remote hostnames over 255 bytes. This flaw was flagged by Cyber Kendra prior to the official advisory being released.
This flaw is triggered when a hostname longer than 255 bytes is copied into a fixed-size heap buffer during SOCKS negotiation. For successful exploitation, an attacker would need to redirect a victim to a URL with an excessively long hostname and have them connect through a compromised SOCKS5 proxy server. This, in turn, could lead to remote code execution.
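As an added illustration (not code from curl or from the original post), the bound a SOCKS5 client must enforce: the domain-name form of the request carries a one-byte length field, so a hostname over 255 bytes cannot be encoded and has to be rejected before anything is copied into the request buffer. The function name, buffer sizes and the 299-byte sample hostname are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS5 (RFC 1928) encodes a domain-name target as ATYP=0x03 followed by a
 * one-byte length, so a hostname longer than 255 bytes cannot be expressed
 * and must be rejected before anything is copied into the request buffer. */
#define SOCKS5_MAX_HOSTLEN 255

/* Build a SOCKS5 CONNECT request for a remotely resolved hostname:
 *   VER=0x05 CMD=0x01 RSV=0x00 ATYP=0x03 LEN HOST PORT(2 bytes, big-endian)
 * Returns the number of bytes written, or -1 if the hostname exceeds the
 * one-byte length field or the caller's buffer is too small. Both checks
 * happen before the memcpy, which is the length check the copy described
 * above was missing. (Function and buffer names are this example's own.) */
int socks5_build_connect(const char *host, uint16_t port,
                         uint8_t *out, size_t outlen)
{
    size_t hostlen = strlen(host);
    size_t need = 4 + 1 + hostlen + 2;

    if (hostlen == 0 || hostlen > SOCKS5_MAX_HOSTLEN || need > outlen)
        return -1;

    out[0] = 0x05;               /* protocol version */
    out[1] = 0x01;               /* CMD: CONNECT */
    out[2] = 0x00;               /* reserved */
    out[3] = 0x03;               /* ATYP: domain name */
    out[4] = (uint8_t)hostlen;   /* safe: checked against 255 above */
    memcpy(out + 5, host, hostlen);
    out[5 + hostlen] = (uint8_t)(port >> 8);
    out[6 + hostlen] = (uint8_t)(port & 0xff);
    return (int)need;
}

int main(void)
{
    uint8_t buf[600];
    char longhost[300];   /* constructed 299-byte hostname, over the limit */

    memset(longhost, 'a', sizeof longhost - 1);
    longhost[sizeof longhost - 1] = '\0';

    printf("example.com  -> %d bytes\n",
           socks5_build_connect("example.com", 443, buf, sizeof buf));
    printf("299-byte host -> %d (rejected)\n",
           socks5_build_connect(longhost, 443, buf, sizeof buf));
    return 0;
}
```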
The curl command line tool isn't affected by default but can be vulnerable if utilized with specific flags or proxy URLs. Despite its severity, the flaw has been classified as 'High' instead of 'Critical'.
The author of Curl, Daniel Stenberg, has justified this classification by noting that the exploitation conditions are challenging, and precision attacks are difficult.
There is also a second vulnerability, CVE-2023-38546, rated 'Low' severity, which affects Curl versions from 7.9.1 to 8.3.0. Under specific conditions it could allow attackers to inject arbitrary cookies. The Curl team recommends updating to 8.4.0 or applying the available patch to address both vulnerabilities.