This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
Published 2023-10-18 04:15:11
Updated 2024-10-17 22:35:01
Source HackerOne
View at NVD,   CVE.org

Products affected by CVE-2023-38545

Exploit prediction scoring system (EPSS) score for CVE-2023-38545

0.93%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-38545

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
N/A
Cisco:cisco-sa-curl-libcurl-D9ds39cV 2024-02-21
8.8
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.8
5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 2024-10-17
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST
7.5
HIGH AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
N/A
Oracle:CPUOct2023
7.5
HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
N/A
RedHat-CVE-2023-38545

CWE ids for CVE-2023-38545

  • The product writes data past the end, or before the beginning, of the intended buffer.
    Assigned by:
    • 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
    • nvd@nist.gov (Primary)

References for CVE-2023-38545

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!