Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:conan/libcurl@7.69.0
Typeconan
Namespace
Namelibcurl
Version7.69.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-tcqe-7skm-b3fz
vulnerability_id VCID-tcqe-7skm-b3fz
summary 
Out-of-bounds Write
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy
handshake.

When curl is asked to pass along the host name to the SOCKS5 proxy to allow
that to resolve the address instead of it getting done by curl itself, the
maximum length that host name can be is 255 bytes.

If the host name is detected to be longer, curl switches to local name
resolving and instead passes on the resolved address only. Due to this bug,
the local variable that means "let the host resolve the name" could get the
wrong value during a slow SOCKS5 handshake, and contrary to the intention,
copy the too long host name to the target buffer instead of copying just the
resolved address there.

The target buffer being a heap based buffer, and the host name coming from the
URL that curl has been told to operate with.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38545
reference_id
reference_type
scores
0
value 0.2625
scoring_system epss
scoring_elements 0.96316
published_at 2026-04-18T12:55:00Z
1
value 0.2625
scoring_system epss
scoring_elements 0.96278
published_at 2026-04-04T12:55:00Z
2
value 0.2625
scoring_system epss
scoring_elements 0.96283
published_at 2026-04-07T12:55:00Z
3
value 0.2625
scoring_system epss
scoring_elements 0.96292
published_at 2026-04-08T12:55:00Z
4
value 0.2625
scoring_system epss
scoring_elements 0.96295
published_at 2026-04-09T12:55:00Z
5
value 0.2625
scoring_system epss
scoring_elements 0.963
published_at 2026-04-12T12:55:00Z
6
value 0.2625
scoring_system epss
scoring_elements 0.96303
published_at 2026-04-13T12:55:00Z
7
value 0.2625
scoring_system epss
scoring_elements 0.96312
published_at 2026-04-16T12:55:00Z
8
value 0.26747
scoring_system epss
scoring_elements 0.96315
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38545
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/2187833
reference_id
reference_type
scores
url https://hackerone.com/reports/2187833
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2241933
reference_id 2241933
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2241933
7
reference_url http://seclists.org/fulldisclosure/2024/Jan/34
reference_id 34
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url http://seclists.org/fulldisclosure/2024/Jan/34
8
reference_url http://seclists.org/fulldisclosure/2024/Jan/37
reference_id 37
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url http://seclists.org/fulldisclosure/2024/Jan/37
9
reference_url http://seclists.org/fulldisclosure/2024/Jan/38
reference_id 38
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url http://seclists.org/fulldisclosure/2024/Jan/38
10
reference_url https://security.archlinux.org/AVG-2845
reference_id AVG-2845
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2845
11
reference_url https://security.archlinux.org/AVG-2846
reference_id AVG-2846
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2846
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38545
reference_id CVE-2023-38545
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-38545
13
reference_url https://curl.se/docs/CVE-2023-38545.html
reference_id CVE-2023-38545.HTML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value High
scoring_system cvssv3.1
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://curl.se/docs/CVE-2023-38545.html
14
reference_url https://security.gentoo.org/glsa/202310-12
reference_id GLSA-202310-12
reference_type
scores
url https://security.gentoo.org/glsa/202310-12
15
reference_url https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/
reference_id high-severity-heap-buffer-overflow-vulnerability
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/
16
reference_url https://support.apple.com/kb/HT214036
reference_id HT214036
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://support.apple.com/kb/HT214036
17
reference_url https://support.apple.com/kb/HT214057
reference_id HT214057
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://support.apple.com/kb/HT214057
18
reference_url https://support.apple.com/kb/HT214058
reference_id HT214058
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://support.apple.com/kb/HT214058
19
reference_url https://support.apple.com/kb/HT214063
reference_id HT214063
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://support.apple.com/kb/HT214063
20
reference_url https://security.netapp.com/advisory/ntap-20231027-0009/
reference_id ntap-20231027-0009
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://security.netapp.com/advisory/ntap-20231027-0009/
21
reference_url https://security.netapp.com/advisory/ntap-20240201-0005/
reference_id ntap-20240201-0005
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://security.netapp.com/advisory/ntap-20240201-0005/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
reference_id OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
23
reference_url https://access.redhat.com/errata/RHSA-2023:5700
reference_id RHSA-2023:5700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5700
24
reference_url https://access.redhat.com/errata/RHSA-2023:5763
reference_id RHSA-2023:5763
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5763
25
reference_url https://access.redhat.com/errata/RHSA-2023:6745
reference_id RHSA-2023:6745
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6745
26
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
27
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
28
reference_url https://access.redhat.com/errata/RHSA-2024:0797
reference_id RHSA-2024:0797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0797
29
reference_url https://access.redhat.com/errata/RHSA-2024:2011
reference_id RHSA-2024:2011
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2011
30
reference_url https://usn.ubuntu.com/6429-1/
reference_id USN-6429-1
reference_type
scores
url https://usn.ubuntu.com/6429-1/
31
reference_url https://usn.ubuntu.com/6429-3/
reference_id USN-6429-3
reference_type
scores
url https://usn.ubuntu.com/6429-3/
32
reference_url https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
reference_id viewtopic.php?f=8&t=8868
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/
url https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
fixed_packages
0
url pkg:conan/libcurl@8.4.0
purl pkg:conan/libcurl@8.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libcurl@8.4.0
aliases CVE-2023-38545
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcqe-7skm-b3fz
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:conan/libcurl@7.69.0