CVE-2023-38545: So you cURL, but will you cIRL?

On October 11th, 2023, a heap-based buffer overflow in curl was disclosed under the identifier CVE-2023-38545. The vulnerability affects libcurl 7.69.0 to and including 8.3.0. Vulnerable versions of libcurl may be embedded in existing applications. However, to reach the vulnerable code path, the application must be configured to utilize one of the SOCKS5 proxy modes and attempt to resolve a hostname with extraneous length.

application applications buffer buffer overflow code curl cve cve-2023-38545 embedded libcurl may october overflow path under vulnerability vulnerable