Vulnerability details: VCID-kz7x-9spe-aaar
Vulnerability ID VCID-kz7x-9spe-aaar
Aliases CVE-2023-38545
Summary This flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake. When curl is asked to pass the host name along to the SOCKS5 proxy so that the proxy resolves the address instead of curl doing it itself, the host name can be at most 255 bytes long. If the host name is detected to be longer, curl switches to local name resolving and passes on only the resolved address. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake and, contrary to the intention, copy the too-long host name to the target buffer instead of copying just the resolved address there. The target buffer is a heap-based buffer, and the host name comes from the URL that curl has been told to operate with.
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (5)
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json
epss 0.00456 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.00542 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.00821 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.17631 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.18014 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.18844 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.19246 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.89294 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
epss 0.90104 https://api.first.org/data/v1/epss?cve=CVE-2023-38545
cvssv3.1 High https://curl.se/docs/CVE-2023-38545.html
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-38545
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-38545
archlinux High https://security.archlinux.org/AVG-2845
archlinux High https://security.archlinux.org/AVG-2846
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json
https://api.first.org/data/v1/epss?cve=CVE-2023-38545
https://curl.se/docs/CVE-2023-38545.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
http://seclists.org/fulldisclosure/2024/Jan/34
http://seclists.org/fulldisclosure/2024/Jan/37
http://seclists.org/fulldisclosure/2024/Jan/38
https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/bcdannyboy/CVE-2023-38545
https://github.com/dbrugman/CVE-2023-38545-POC
https://github.com/UTsweetyfish/CVE-2023-38545
https://hackerone.com/reports/2187833
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
https://security.netapp.com/advisory/ntap-20231027-0009/
https://security.netapp.com/advisory/ntap-20240201-0005/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214057
https://support.apple.com/kb/HT214058
https://support.apple.com/kb/HT214063
https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/
2241933 https://bugzilla.redhat.com/show_bug.cgi?id=2241933
AVG-2845 https://security.archlinux.org/AVG-2845
AVG-2846 https://security.archlinux.org/AVG-2846
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545
GLSA-202310-12 https://security.gentoo.org/glsa/202310-12
RHSA-2023:5700 https://access.redhat.com/errata/RHSA-2023:5700
RHSA-2023:5763 https://access.redhat.com/errata/RHSA-2023:5763
RHSA-2023:6745 https://access.redhat.com/errata/RHSA-2023:6745
RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625
RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626
RHSA-2024:0797 https://access.redhat.com/errata/RHSA-2024:0797
RHSA-2024:2011 https://access.redhat.com/errata/RHSA-2024:2011
USN-6429-1 https://usn.ubuntu.com/6429-1/
USN-6429-3 https://usn.ubuntu.com/6429-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38545
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.75763
EPSS Score 0.00456
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.