CVE-2023-38545 - Heap Buffer Overflow in cURL’s SOCKS5 Proxy Handshake
Contents:
Overview
In October 2023, a serious security flaw was disclosed in cURL, a command-line tool and library used by millions worldwide to transfer data
CVE-2023-38546 - Exploiting Cookie Injection in libcurl via Easy Handle Duplication
Published: June 2024
Severity: Medium-High
Component: libcurl (7.9.1 to 8.3.)
Original Advisory: curl.se/security/advisory
Reference Doc: curl_easy_duphandle() API
CVE-2023-38039 - How an Endless Stream of HTTP Headers Can Crash Your curl (A Deep Dive with Code and Exploit Details)
---
Introduction
If you’ve used the popular curl tool to fetch data from the internet, you might not think much about how it handles
CVE-2023-32001 - How libcurl’s Cookie, HSTS, and Alt-Svc File Saving Was Vulnerable to Dangerous Race Conditions
In May 2023, a critical vulnerability—CVE-2023-32001—was revealed in libcurl, a widely used client-side URL transfer library. This bug exposed a Time-Of-Check to Time-Of-Use
CVE-2023-27533 - Serious curl TELNET Input Validation Flaw Explained
Curl is one of the most essential tools used for transferring data on the internet. Many applications—big and small—rely on curl, often without