Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a week ago, lead developer Daniel Stenberg announced the upcoming release of the newest curl version and said that it would carry patches for CVE-2023-38545 and CVE-2023-38546, a low-severity bug that has been described today as a … More →

The post …

buffer buffer overflow buffer overflow vulnerability bug containers curl cve daniel debian developer don't miss fixes heap buffer overflow high hot stuff iot library linux open source overflow patches patching preparation project red hat release security security update security updates severity socks5 things ubuntu upcoming updates vulnerability week