libcurl vulnerability

Started by graeChris, October 12, 2023, 03:33:46 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

graeChris

October 12, 2023, 03:33:46 PM
Good Morning/Evening, 

I just wanted to reach out and make sure we don't need to worry about the recently disclosed libcurl vulnerability CVE-2023-38545. This is a buffer overflow vulnerability in the socks5h proxy. The vulnerability has been patched in libcurl 8.4.0

Affected libcurl versions: 7.69.0 through 8.3.0

Alex Kirhenshtein

#1
October 12, 2023, 03:36:34 PM
Hi

On most systems we don't link libcurl statically, so once you updated system packages - it's all good.

Windows build is bundled with our own instance of libcurl, and updated package will be released shortly.

graeChris

#2
October 17, 2023, 04:59:56 PM
Thank you for the info! 
Print
Go Up Pages1
User actions