Showing 1 - 10 of 10

CVE-2023-38545

Status Candidate

Overview

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.

Related Files

Red Hat Security Advisory 2024-2011-03: Posted Apr 24, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-2011-03 - Updated Satellite Client packages that fixes Important security bugs and regular bugs are now available for Red Hat Satellite. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2023-38545; SHA-256 | 2119d78f1779fb5b9df8e781bf9b4da66e88cda956d9bdc4f6e4838153ac9474; Download | Favorite | View

Apple Security Advisory 01-22-2024-7: Posted Jan 29, 2024; Authored by Apple | Site apple.com; Apple Security Advisory 01-22-2024-7 - macOS Monterey 12.7.3 addresses code execution vulnerabilities.; tags | advisory, vulnerability, code execution; systems | apple; advisories | CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-42888, CVE-2023-42915, CVE-2023-42937, CVE-2024-23207, CVE-2024-23212, CVE-2024-23222; SHA-256 | f47b5cc3fc3e2932c779a5e08268ff04f0c8b72f286e970997597391f2eb5f5b; Download | Favorite | View

Apple Security Advisory 01-22-2024-6: Posted Jan 29, 2024; Authored by Apple | Site apple.com; Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.; tags | advisory, vulnerability, code execution; systems | apple; advisories | CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-40528, CVE-2023-42887, CVE-2023-42888, CVE-2023-42915, CVE-2023-42935, CVE-2023-42937, CVE-2024-23207, CVE-2024-23212, CVE-2024-23222, CVE-2024-23224; SHA-256 | 47401dee058f86008aabd7e82b8eacb1135f296db5a860fbaf2791d6ee670c04; Download | Favorite | View

Apple Security Advisory 01-22-2024-3: Posted Jan 26, 2024; Authored by Apple | Site apple.com; Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.; tags | advisory, vulnerability, code execution; systems | apple, ios; advisories | CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-42888, CVE-2023-42915, CVE-2023-42937, CVE-2024-23206, CVE-2024-23211, CVE-2024-23212, CVE-2024-23213, CVE-2024-23214, CVE-2024-23222; SHA-256 | f808342c47a19d49aca6649451e4d052f6ea01681c6945bc9ba9ef843c24277b; Download | Favorite | View

Red Hat Security Advisory 2023-6745-01: Posted Nov 13, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-6745-01 - An update for curl is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2023-38545; SHA-256 | ced80e77d881083e9cf75d53da087ceeda141bcfde2804ec2c4ef3799f33681b; Download | Favorite | View

Ubuntu Security Notice USN-6429-3: Posted Oct 17, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6429-3 - USN-6429-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 23.10. Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections.; tags | advisory, remote, arbitrary, local, vulnerability; systems | linux, ubuntu; advisories | CVE-2023-38545, CVE-2023-38546; SHA-256 | d1725e2867219ce04c36896ee359cb48113c317935ea121e2af01b7b802e2783; Download | Favorite | View

Red Hat Security Advisory 2023-5763-01: Posted Oct 17, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5763-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.; tags | advisory, web, overflow, protocol; systems | linux, redhat; advisories | CVE-2023-38545; SHA-256 | 510c6724745c0651fdfcdb28c913292f03ad32f78e765fb9849dd2ced54a1233; Download | Favorite | View

Red Hat Security Advisory 2023-5700-01: Posted Oct 16, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5700-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.; tags | advisory, web, overflow, protocol; systems | linux, redhat; advisories | CVE-2023-38545; SHA-256 | 43a3801f3c1efdcc6ec83fd26a2db345717038d202709cc98bd394c86f9fc238; Download | Favorite | View

Debian Security Advisory 5523-1: Posted Oct 11, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5523-1 - Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.; tags | advisory; systems | linux, debian; advisories | CVE-2023-38545, CVE-2023-38546; SHA-256 | 6f8cac21edc730d0834c13186c9df39c586cd8ff7546f9e0e8f727ca7b9552ec; Download | Favorite | View

Ubuntu Security Notice USN-6429-1: Posted Oct 11, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6429-1 - Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections.; tags | advisory, remote, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2023-38545, CVE-2023-38546; SHA-256 | cdf87ef50399c95276fdc38c6e1cbde856743680fa9b47c87c04c69d255f590a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 250 files
Ubuntu 62 files
Debian 22 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Alter Prime 3 files
Jann Horn 3 files
Andrey Stoykov 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,169)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,011)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,372)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,008)
UNIX (9,481)
UnixWare (188)
Windows (6,785)
Other

CVE-2023-38545

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems