Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-38545

UNKNOWN
Published 2023-10-18T03:52:00.816Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-38545. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
8.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.180
probability
of exploitation in the wild

There is a 18.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.948
Higher than 94.8% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy
handshake.

When curl is asked to pass along the host name to the SOCKS5 proxy to allow
that to resolve the address instead of it getting done by curl itself, the
maximum length that host name can be is 255 bytes.

If the host name is detected to be longer, curl switches to local name
resolving and instead passes on the resolved address only. Due to this bug,
the local variable that means "let the host resolve the name" could get the
wrong value during a slow SOCKS5 handshake, and contrary to the intention,
copy the too long host name to the target buffer instead of copying just the
resolved address there.

The target buffer being a heap based buffer, and the host name coming from the
URL that curl has been told to operate with.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

curl

curl

Affected Versions:

8.4.0 7.69.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-7xw9-w465-6x42

Advisory Details

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38545
WEB https://curl.se/docs/CVE-2023-38545.html
WEB https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
WEB https://github.com/UTsweetyfish/CVE-2023-38545
WEB https://github.com/bcdannyboy/CVE-2023-38545
WEB https://github.com/dbrugman/CVE-2023-38545-POC
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ
WEB https://security.netapp.com/advisory/ntap-20231027-0009
WEB https://security.netapp.com/advisory/ntap-20240201-0005
WEB https://support.apple.com/kb/HT214036
WEB https://support.apple.com/kb/HT214057
WEB https://support.apple.com/kb/HT214058
WEB https://support.apple.com/kb/HT214063
WEB https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability
WEB http://seclists.org/fulldisclosure/2024/Jan/34
WEB http://seclists.org/fulldisclosure/2024/Jan/37
WEB http://seclists.org/fulldisclosure/2024/Jan/38

Advisory provided by GitHub Security Advisory Database. Published: October 18, 2023, Modified: February 13, 2025

References

https://curl.se/docs/CVE-2023-38545.html
https://security.netapp.com/advisory/ntap-20231027-0009/
https://lists.fedoraproject.org/archives/list/[email protected]/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214063
https://support.apple.com/kb/HT214057
https://support.apple.com/kb/HT214058
http://seclists.org/fulldisclosure/2024/Jan/34
http://seclists.org/fulldisclosure/2024/Jan/37
http://seclists.org/fulldisclosure/2024/Jan/38
https://security.netapp.com/advisory/ntap-20240201-0005/
https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

HackerOne Reports

[Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet Critical
shelldoit
curl
Information Disclosure
View Report
Published: 2023-10-18T03:52:00.816Z
Last Modified: 2025-08-27T20:32:53.710Z
Copied to clipboard!