Curl 8.4.0 Fixes Critical Security Flaw

New Version of the Curl Tool Fixes Serious Security Vulnerabilities

Today, the developers of curl, the command-line tool for transferring data, announced the release of a new version that addresses previously identified security issues. The vulnerabilities, classified as “probably the most serious Curl security problems in a long time,” have been eliminated in this update.

Daniel Stenberg, the founder and main developer of the curl project, stressed the severity of the issues and noted that the release fixes two distinct vulnerabilities: CVE-2023-38545 and CVE-2023-38546.

The first vulnerability, CVE-2023-38545, is a buffer overflow that affects both libcurl and curl. It is considered high severity because it can lead to data corruption and even enable the execution of arbitrary code.

CVE-2023-38545 arises during a slow SOCKS5 proxy handshake and is caused by improper handling of host names longer than 255 bytes. When curl encounters a host name longer than 255 bytes, it is supposed to switch to local name resolution instead of letting the proxy resolve the host name remotely.

Explaining the technical details, a developer named “communor” stated, “Due to the error, the local variable with the meaning ‘Let the Host Resolve The Name’ could get the wrong value during the slow confirmation of SOCKS5 and, contrary to the intention, copy the very long host name into the target buffer.”

Additionally, the report warns that attackers could exploit this vulnerability by using malicious HTTPS servers that issue redirects.
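The failure mode described above, reduced to a small C model for code review purposes (an added example, not curl's source code). The struct, the function names and the hardened variant's policy of refusing over-long names are assumptions; both step functions return the number of host-name bytes that would be copied instead of performing the copy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define SOCKS5_MAX_HOST 255      /* SOCKS5 carries the name length in one byte */

enum step { STEP_INIT, STEP_REQUEST };
struct conn { enum step step; bool remote_resolve; };  /* hypothetical state */
typedef long (*step_fn)(struct conn *c, const char *host, bool want_remote);

/* Flawed pattern: the resolve decision is a local that is re-initialised on
 * every entry, so a handshake resumed by a later call forgets the downgrade. */
long flawed_step(struct conn *c, const char *host, bool want_remote)
{
    bool remote_resolve = want_remote;
    size_t len = strlen(host);
    if (c->step == STEP_INIT) {
        if (remote_resolve && len > SOCKS5_MAX_HOST)
            remote_resolve = false;          /* intended switch to local resolve */
        c->step = STEP_REQUEST;
        return 0;                            /* slow proxy: return, resume later */
    }
    return remote_resolve ? (long)len : 0;   /* no length check at copy time */
}

/* Hardened variant: the decision lives in the connection, over-long names are
 * refused (-1), and the length is checked again right before the copy. */
long hardened_step(struct conn *c, const char *host, bool want_remote)
{
    size_t len = strlen(host);
    if (c->step == STEP_INIT) {
        if (want_remote && len > SOCKS5_MAX_HOST)
            return -1;
        c->remote_resolve = want_remote;
        c->step = STEP_REQUEST;
        return 0;
    }
    if (c->remote_resolve && len > SOCKS5_MAX_HOST)
        return -1;
    return c->remote_resolve ? (long)len : 0;
}

/* Drive a two-call ("slow") handshake with a constructed host name of n bytes. */
long slow_handshake(step_fn step, size_t n)
{
    char host[512] = {0};
    struct conn c = { STEP_INIT, false };
    memset(host, 'a', n < sizeof host ? n : sizeof host - 1);
    if (step(&c, host, true) < 0) return -1;
    return step(&c, host, true);
}
```

With a 300-byte name, the flawed model reports 300 bytes headed for a buffer sized for 255, while the hardened one stops the handshake.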

It is worth noting that initially, the URL was primarily used to indicate the location of various files on the Internet. Over time, it evolved to represent the addresses of all resources, regardless of their type.
