Main Vulnerability Database Vulnerabilities #VU81865

#VU81865 Heap-based buffer overflow in cURL - CVE-2023-38545

Published: October 11, 2023 / Updated: February 21, 2025

Vulnerability identifier: #VU81865

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2023-38545

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that SOCKS5 proxy is used and that SOCKS5 handshake is slow (e.g. under heavy load or DoS attack).

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2023-38545.html

#VU81865 Heap-based buffer overflow in cURL - CVE-2023-38545

Description

Remediation

External links

Please verify you're human