The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of an forthcoming update set for release on October 11, 2023.
This includes a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively.
Curl, powered by libcurl, is a popular command-line tool for transferring data specified with URL syntax. It supports a wide range of protocols such as FTP(S), HTTP(S), IMAP(S), LDAP(S), MQTT, POP3, RTMP(S), SCP, SFTP, SMB(S), SMTP(S), TELNET, WS, and WSS.
While 2023-38545 impacts both libcurl and curl, CVE-2023-38546 affects only libcurl.
“With specific version range details undisclosed to prevent pre-release problem identification, the vulnerabilities will be fixed in curl version 8.4.0,” Saeed Abbasi, product manager at Qualys Threat Research Unit (TRU), said.
“Organizations should urgently inventory and scan all systems utilizing curl and libcurl, anticipating identifying potentially vulnerable versions once details are disclosed with the release of Curl 8.4.0 on October 11.”
Source: https://thehackernews.com/