This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Urgent Security Advisory: CVE-2023-38545 in curl and libcurl

AustinG
By Community Manager Community Manager
Community Manager
We are aware of a critical security vulnerability, CVE-2023-38545, in the widely-used data transfer tool, curl, and its library, libcurl. Rest assured, we are actively working to identify services utilizing curl in our infrastructure and have taken the following steps:
What’s the Issue?: A high-severity vulnerability in curl.
Why It Matters: This is a severe issue with a high probability of impacting multiple systems.
Preparation: We are actively monitoring the situation and utilizing SBOM to identify affected services and products.
Action Taken: Curl have advised a security patch is scheduled to be released on October 11.

Your security is our priority, and we are prepared to address this issue. More updates to follow.
‎Oct 10, 2023 04:49 PM
(1) Comment
alexrybak
By Revenera
Revenera

A few things to keep in mind:

  • As always, security patches tend to take a few attempts to fully resolve, so keep an eye our for subsequent patches as more exploit scenarios are uncovered and/or additional security issues are reported.
  • Also, even if you are not a software supplier, don’t forget to check your servers as you likely have cURL installed on them in your data center. Make sure you upgrade all instances to the appropriate "latest" version as patches are released.
  • Finally, do not forget to check derivative projects that were base on or ported from cURL for impact... i.e., pycurl, python-pycurl, and others.
‎Oct 10, 2023 04:51 PM