Curl CVE-2023-38545 SOCKS5 vulnerability
11 October 2023
Curl has announced a vulnerability in its SOCKS5 proxy handshake.
The vulnerability, CVE-2023-38545 (awaiting score), is possible because of the 255-byte limit on the hostname when curl is asked to pass the hostname along to the proxy. If the hostname is longer than 255 bytes, curl switches to local name resolution instead of passing the name along. Because of a bug, the local variable that means “let the host resolve the name” could get the wrong value during a slow SOCKS5 handshake and, contrary to the intention, curl would copy the too-long hostname to the target buffer instead of copying just the resolved address there.
Affected versions:
- libcurl 7.69.0 up to and including 8.3.0
Curl released an update on 11 October 2023 to address the vulnerability and also published security recommendations:
- Upgrade curl to version 8.4.0
- Apply the patch to your local version
- Do not use CURLPROXY_SOCKS5_HOSTNAME proxies with curl
- Do not set a proxy environment variable to socks5h://
More information is provided by curl here.
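The version range and the socks5h:// recommendation above can be checked on a host with a short audit script. This is an added example, not code from curl or from the advisory; the function names and the sample banner are constructed for illustration, and it assumes the usual `libcurl/x.y.z` token in `curl --version` output.

```python
import os
import re
import shutil
import subprocess

AFFECTED_MIN = (7, 69, 0)  # first affected libcurl release, per the advisory
AFFECTED_MAX = (8, 3, 0)   # last affected release; 8.4.0 contains the fix

# Constructed sample of `curl --version` output, used when curl is not installed.
SAMPLE_BANNER = "curl 8.1.2 (x86_64-pc-linux-gnu) libcurl/8.1.2 OpenSSL/3.0.9 zlib/1.2.13"


def libcurl_version(banner):
    """Return the libcurl version in a `curl --version` banner as a tuple, or None."""
    match = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(part) for part in match.groups()) if match else None


def version_affected(version):
    """True when the version lies in the advisory's range 7.69.0 to 8.3.0 inclusive."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def socks5h_proxy_vars(env):
    """Names of *_proxy variables (any case) whose value starts with socks5h://."""
    return sorted(
        name for name, value in env.items()
        if name.lower().endswith("_proxy")
        and value.strip().lower().startswith("socks5h://")
    )


def audit(banner, env):
    """Combine both checks into a list of findings; an empty list means none."""
    findings = []
    version = libcurl_version(banner)
    if version is None:
        findings.append("could not determine libcurl version")
    elif version_affected(version):
        # A distribution may backport the patch without changing this number.
        findings.append("libcurl %d.%d.%d is in the affected range" % version)
    for name in socks5h_proxy_vars(env):
        findings.append("%s is set to a socks5h:// proxy" % name)
    return findings


if __name__ == "__main__":
    banner = SAMPLE_BANNER
    if shutil.which("curl"):
        banner = subprocess.run(["curl", "--version"], capture_output=True, text=True).stdout
    for finding in audit(banner, os.environ) or ["no findings"]:
        print(finding)
```

The script only sees the curl binary on the PATH and the current process environment; applications that link their own libcurl or set CURLPROXY_SOCKS5_HOSTNAME in code need to be reviewed separately.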