Curl/LibCurl Vulnerabilities multiple vulnerabilities reported.
Advisory release date
Oct 11, 2023
Internal Customer Hosted Services
The severity varies based on the below vulnerabilities.
Summary of Vulnerability
CURL libraries are used extensively in web development for almost 25 years. There are many versions and libraries with these vulnerabilities only impacted a subset of this.
curl - SOCKS5 heap buffer overflow - CVE-2023-38545
curl - cookie injection with none file - CVE-2023-38546
curl - HTTP headers eat all memory - CVE-2023-38039
NT-ware IT Operations and the Development teams have reviewed our products and services and concluded that we are not impacted by these CVE’s as we are either not using the library directly or are on a patched version.