Curl Update Available for CVE-2023-38545 and CVE-2023-38546: High-Severity Vulnerability Could Lead to RCE

curl recently received an update that addressed two critical vulnerabilities in the curl data transfer library, identified as CVE-2023-38545 and CVE-2023-38546. Successful exploitation of these vulnerabilities could enable code execution and cookie injection.

Details of curl Vulnerabilities

CVE-2023-38545 (CVSS score: 7.5, High severity):

CVE-2023-38545, a heap-based buffer overflow vulnerability in SOCKS5, can potentially result in Remote Code Execution (RCE). It impacts both the curl command-line tool and libcurl.

[Figure: Vulnerability card for CVE-2023-38545 on SOCRadar]

Researchers reported that CVE-2023-38545 was introduced in curl version 7.69.0, when a blocking SOCKS5 function was converted into a non-blocking state machine. The vulnerability arises from a logic flaw in that state machine's fallback path, which is taken when it handles excessively long host names in SOCKS5 proxy connections.

The vulnerability is triggered when a hostname exceeds the 255-byte limit during the SOCKS5 proxy handshake. Instead of passing the resolved address on to the proxy, curl may copy the overly long hostname into the target buffer, overflowing it.
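As an added illustration (not curl's code), the following hypothetical SOCKS5 CONNECT-request encoder in C enforces the 255-byte hostname limit the paragraph refers to: the protocol carries a domain name behind a single length byte, so an oversized name has to be rejected up front rather than copied into a fixed-size buffer. The function names, constants and the constructed 256-byte test name are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* SOCKS5 address type for a domain name (RFC 1928). The name is prefixed by
 * ONE length byte, so the protocol cannot express a name longer than 255. */
#define SOCKS5_ATYP_DOMAIN 0x03
#define SOCKS5_MAX_HOSTLEN 255

/* Hypothetical helper for this article, not libcurl's implementation.
 * Builds a SOCKS5 CONNECT request asking the proxy to resolve `host`.
 * Returns bytes written, or -1 when the name does not fit the one-byte
 * length field or `out` is too small for the whole request. */
int socks5_build_connect(const char *host, uint16_t port,
                         uint8_t *out, size_t outlen)
{
    size_t hostlen = strlen(host);
    /* The bound that must hold before anything is copied: refuse an
     * oversized name instead of falling back and copying it anyway. */
    if (hostlen == 0 || hostlen > SOCKS5_MAX_HOSTLEN)
        return -1;
    size_t need = 4 + 1 + hostlen + 2;   /* VER CMD RSV ATYP | LEN host | PORT */
    if (outlen < need)
        return -1;                       /* destination buffer too small */
    out[0] = 0x05;                       /* VER: SOCKS5 */
    out[1] = 0x01;                       /* CMD: CONNECT */
    out[2] = 0x00;                       /* RSV */
    out[3] = SOCKS5_ATYP_DOMAIN;         /* ATYP: domain name, proxy resolves */
    out[4] = (uint8_t)hostlen;           /* single length byte, <= 255 */
    memcpy(out + 5, host, hostlen);      /* safe: hostlen was checked above */
    out[5 + hostlen] = (uint8_t)(port >> 8);   /* DST.PORT, network byte order */
    out[6 + hostlen] = (uint8_t)(port & 0xff);
    return (int)need;
}

int main(void)
{
    uint8_t buf[512];
    char longname[300];
    memset(longname, 'a', 256);          /* constructed 256-byte hostname */
    longname[256] = '\0';
    printf("example.com   -> %d bytes\n",
           socks5_build_connect("example.com", 443, buf, sizeof buf));
    printf("256-byte name -> %d (rejected)\n",
           socks5_build_connect(longname, 443, buf, sizeof buf));
    return 0;
}
```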

Numerous proof-of-concept exploits are available on GitHub, demonstrating how the vulnerability can be used to cause a Denial-of-Service (DoS).

According to curl, exploitation is possible even without a DoS attack: a malicious HTTPS server redirecting to a specially crafted URL can trigger the overflow. Even so, researchers believe that the conditions required for a system to be vulnerable are more restrictive than initially thought, meaning most users are unlikely to be affected by the issue.

CVE-2023-38546 (CVSS score: 5.0, Medium severity):

The advisory characterizes the vulnerability as "cookie injection with none file". It enables an attacker to inject cookies into a running program that uses libcurl, provided that a specific series of conditions is met.

Which Versions of curl are Affected?

Below are the affected versions of libcurl for each vulnerability:

CVE-2023-38545: libcurl versions 7.69.0 to and including 8.3.0

CVE-2023-38546: libcurl 7.9.1 to and including 8.3.0

Apply the Patches for curl

Version 8.4.0 of curl is available, providing patches for the CVE-2023-38545 and CVE-2023-38546 vulnerabilities.

This update, released on October 11, 2023, effectively mitigates the vulnerabilities, eliminating the behavior of curl switching to local resolve mode when a hostname exceeds the allowed length. It is strongly recommended to apply the update promptly to prevent the exploitation of these high-risk vulnerabilities.

See the release note here.

How Can SOCRadar Help?

SOCRadar continuously monitors security vulnerabilities, providing the timely intelligence necessary to safeguard organizational assets. Using Vulnerability Intelligence, you can search for vulnerabilities, obtain comprehensive details about them, and monitor related activities, including hacker trends.

[Figure: SOCRadar Vulnerability Intelligence]

Moreover, through the Attack Surface Management module, you can access critical information regarding vulnerabilities that impact your assets.

[Figure: SOCRadar Attack Surface Management]

The post curl Update Available for CVE-2023-38545 and CVE-2023-38546: High-Severity Vulnerability Could Lead to RCE appeared first on SOCRadar® Cyber Intelligence Inc.
