Advisory released
The maintainers of the curl library have released an advisory warning of two security flaws. The flaws are expected to be addressed in a forthcoming update set for release on October 11, 2023.

Identifiers
The advisory covers one high-severity and one low-severity flaw, tracked as CVE-2023-38545 and CVE-2023-38546, respectively. CVE-2023-38545 impacts both libcurl and curl, while CVE-2023-38546 affects only libcurl.

Additional details
Additional details about the issues and the exact version ranges impacted have been withheld, because that information could help someone identify the problem area with very high accuracy. According to the vendor, versions of the library from the last several years have apparently been affected.

Minuscule risk
The maintainers also mention that there is a minuscule risk that someone finds the issue before the patch ships. However, they note that it has stayed undetected for years for a reason.

 

Version range undisclosed
The specific version range remains undisclosed to prevent the problem from being identified before release. The issues will be fixed in curl version 8.4.0. The developers urge organizations to inventory and scan all systems that use curl and libcurl as a matter of urgency.
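
One way to start that inventory on a Unix-like host, as an added example (not code from the curl project or from this advisory). The function names and sample banners are constructed for illustration. A result of PREDATES_FIX only means the build is older than 8.4.0; vendor packages may carry backported fixes under an older version number.

```shell
#!/bin/sh
FIXED_VERSION="8.4.0"   # release the advisory text says will carry the fixes

# Succeeds (exit 0) when dotted version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Prints "<tool version> <libcurl version>" from the first line of `curl --version`.
# The two can differ when the tool loads a separately installed libcurl.
parse_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^curl \([0-9][0-9.]*\).* libcurl\/\([0-9][0-9.]*\).*/\1 \2/p'
}

# Prints a triage label; flags the host when either version is below the fix.
classify_banner() {
    v=$(parse_banner "$1")
    [ -n "$v" ] || { echo "UNPARSED"; return 0; }
    tool=${v%% *}; lib=${v#* }
    if version_lt "$tool" "$FIXED_VERSION" || version_lt "$lib" "$FIXED_VERSION"; then
        echo "PREDATES_FIX curl=$tool libcurl=$lib"
    else
        echo "AT_OR_ABOVE_FIX curl=$tool libcurl=$lib"
    fi
}

# Checks every curl binary on PATH, then lists libcurl shared objects.
# Library file names carry the ABI number, not the release version,
# so they are listed for follow-up rather than classified.
scan_host() {
    printf '%s\n' "$PATH" | tr ':' '\n' | while read -r dir; do
        [ -x "$dir/curl" ] || continue
        echo "$dir/curl: $(classify_banner "$("$dir/curl" --version | head -n 1)")"
    done
    find /lib /usr/lib /usr/lib64 /usr/local/lib /opt -name 'libcurl*.so*' 2>/dev/null
}

# Constructed sample banners (not captured from real hosts).
SAMPLE_OLD='curl 7.88.1 (x86_64-pc-linux-gnu) libcurl/7.88.1 OpenSSL/3.0.11 zlib/1.2.13'
SAMPLE_NEW='curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.11 zlib/1.2.13'
if [ "${1:-}" = "--scan" ]; then scan_host; else
    classify_banner "$SAMPLE_OLD"; classify_banner "$SAMPLE_NEW"
fi
```

Run it with `--scan` to check the local host. Applications that bundle or statically link their own libcurl will not appear in this output and need to be found through package manifests or software bills of materials.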


Action Required

For Security Advisories Services and further assistance, please don't hesitate to contact us:


Email: sales@r4im.com

Phone: 0529386413

We're here to help you stay secure and informed in the ever-changing landscape of cybersecurity.