Curl v8.4.0 Addresses High-Severity Issue

By

Users are advised to upgrade now.

Curl project maintainers have now released curl v8.4.0, which fixes vulnerabilities found in the widely used data transfer tool, along with an advisory detailing the issues.

Lead developer Daniel Stenberg noted that this release cycle was cut short in order to quickly address the high-severity vulnerability (CVE-2023-38545), which “makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake.”

The vulnerability affects both curl and libcurl from version 7.69.0 up to (and including) v8.3.0. Users are advised to upgrade now.
 
 
 

 
 
 

10/11/2023

Related content

comments powered by Disqus