CVE-2023-38545: Curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities
Published Oct 3, 2023 · Updated
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
CVE-2023-38545, CVE-2023-38039, CVE-2023-38546, Mickey Jin (@patch1t), an anonymous researcher, Marc Newlin (SkySafe), Koh M. Nakagawa (@tsunek0h), Yann GASCUEL (Alter Solutions), Anthony Cruz Tyrant Corp (@App), Wojciech Regula (SecuRing), Zhenjiang Zhao (Pangu Team), Qianxin, Junsung Lee, Meysam Firouzi (@R00tkitSMM), Michael DePlante (@izobashi, Trend Micro Zero Day Initiative), Pan ZhenPeng (@Peterpan0927, STAR Labs SG Pte), Eloi Benoist-Vanderbeken (@elvanderb, Synacktiv), CVE-2023-42893, CVE-2023-3618, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, Ron Masas (BreakPoint), Csaba Fitzl (@theevilbit, OffSec), Csaba Fitzl (@theevilbit, Offensive Security), Arsenii Kostromin (0x3c3e), Mattie Behrens, Joshua Jewett (@JoshJewett33), Zhongquan Li (@Guluisacat), Zhongquan Li (@Guluisacat, Dawn Security Lab of JingDong), CVE-2023-5344, Pwn2car, Zoom Offensive Security Team, Nan Wang (@eternalsakura13, 360 Vulnerability Research Institute), rushikesh nandedkar, SungKwon Lee (Demon.Team), Noah Roskin-Frazee, Pr, Ivan Fratric (Google Project Zero), (Trend Micro Zero Day Initiative), Don Clarke, Kirin (@Pwnrin), CVE-2023-42915, Apple
Affected Software
78 affected components. Fixes available.
ubuntu/curl <7.81.0-1ubuntu1.14 (fix: 7.81.0-1ubuntu1.14)
ubuntu/curl <7.88.1-8ubuntu2.3 (fix: 7.88.1-8ubuntu2.3)
ubuntu/curl <8.2.1-1ubuntu3.1 (fix: 8.2.1-1ubuntu3.1)
debian/curl: 7.74.0-1.3+deb11u12, 7.74.0-1.3+deb11u11, 7.88.1-10+deb12u6, 7.88.1-10+deb12u5, 8.8.0-4, 8.9.1-1
Apple macOS Sonoma <14.2 (fix: 14.2)
IBM Storage Protect for Virtual Environments: Data Protection for VMware<=8.1.0.0 - 8.1.22.0
Microsoft Office 2019 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Apple macOS Monterey <12.7.3 (fix: 12.7.3)
Fortinet FortiExtender>=7.4.0<=7.4.1
Fortinet FortiExtender>=7.2.0<=7.2.3
Fortinet FortiOS (only FGT_VM64)>=7.4.0<=7.4.1
Fortinet FortiOS (only FGT_VM64)>=7.2.0<=7.2.6
Fortinet FortiOS (only FGT_VM64)>=7.0.1<=7.0.13
Fortinet FortiProxy (only FortiProxy_VM64)>=7.4.0<=7.4.1
Fortinet FortiProxy (only FortiProxy_VM64)>=7.2.0<=7.2.7
Fortinet FortiProxy (only FortiProxy_VM64)>=7.0
Apple macOS Ventura <13.6.4 (fix: 13.6.4)
Microsoft Windows Server 2019
Microsoft Windows 11=23H2
Microsoft Windows 11=22H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft 365 Apps for Enterprise
haxx libcurl>=7.69.0<8.4.0
Fedoraproject Fedora=37
NetApp Active Iq Unified Manager Vmware Vsphere
NetApp Active Iq Unified Manager Windows
NetApp OnCommand Insight
NetApp OnCommand Workflow Automation
Microsoft Windows 10 1809<10.0.17763.5122
Microsoft Windows 10 21h2<10.0.19044.3693
Microsoft Windows 10 22h2<10.0.19045.3693
Microsoft Windows 11 21h2<10.0.22000.2600
Microsoft Windows 11 22h2<10.0.22621.2715
Microsoft Windows 11 23h2<10.0.22631.2715
Microsoft Windows Server 2019<10.0.17763.5122
Microsoft Windows Server 2022<10.0.20348.2113
Apple iOS <16.7.5 (fix: 16.7.5)
Apple iPadOS <16.7.5 (fix: 16.7.5)
Microsoft Windows 10=1809
Microsoft Windows 10=22H2
Microsoft Windows 10=21H2
redhat/curl <8.4.0 (fix: 8.4.0)
Remediation
Patch Available
Event History
Oct 3, 2023: Data Sourced via Red Hat, 01:54 PM (fields: Description, Severity, Affected Software)
Oct 11, 2023: CVE Published via Ubuntu, 12:00 AM; News Published, 06:41 PM
Oct 18, 2023: CVE Published via MITRE, 03:52 AM; Data Sourced via MITRE, 03:52 AM (fields: Description); Data Sourced, 04:15 AM (fields: Description); Data Sourced via NVD, 04:15 AM (fields: Remedy, Description, Severity, Weakness, Affected Software)
Oct 19, 2023: Data Sourced via Microsoft, 07:00 AM (fields: Description, Severity, Weakness)
Nov 14, 2023: Advisory Published via FortiGuard, 12:00 AM
Dec 11, 2023: Data Sourced via Apple, 12:00 AM (fields: Description, Weakness, Affected Software); Updated via Apple, 12:00 AM (fields: Description, Weakness); Updated via Apple, 12:00 AM (fields: Description)
Feb 17, 2024: Data Sourced via Launchpad, 12:45 AM (fields: Description)
Oct 12, 2024: Advisory Published via FortiGuard, 12:00 AM
Apr 22, 2026: Data Sourced via GitLab, 08:52 AM (fields: Description)
Frequently Asked Questions
1. What is the vulnerability ID for this security advisory?
The vulnerability ID for this security advisory is CVE-2023-38545.
2. What is the title of the security advisory?
The title of the security advisory is [SECURITY ADVISORY] curl: CVE-2023-38545: SOCKS5 heap buffer overflow.
3. What is the severity of this vulnerability?
The severity of this vulnerability has not been specified.
4. What software is affected by this vulnerability?
The affected software is curl, with specific versions mentioned in the security advisory.
5. How can I fix this vulnerability?
You can fix this vulnerability by updating curl to the recommended versions provided in the security advisory.