virus logo PSIRT

Curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities

Summary

CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)


A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to "let the host resolve the name" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.


https://curl.se/docs/CVE-2023-38545.html


CVE-2023-38546: severity LOW (affects libcurl only, not the tool)


A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.


https://curl.se/docs/CVE-2023-38546.html

Version Affected Solution
FortiExtender 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiExtender 7.2 7.2.0 through 7.2.3 Upgrade to 7.2.4 or above
FortiOS (only FGT_VM64) 7.4 7.4.0 through 7.4.1 Upgrade to upcoming 7.4.2 or above
FortiOS (only FGT_VM64) 7.2 7.2.0 through 7.2.6 Upgrade to upcoming 7.2.7 or above
FortiOS (only FGT_VM64) 7.0 7.0.1 through 7.0.13 Upgrade to upcoming 7.0.14 or above
FortiProxy (only FortiProxy_VM64) 7.4 7.4.0 through 7.4.1 Upgrade to upcoming 7.4.2 or above
FortiProxy (only FortiProxy_VM64) 7.2 7.2.0 through 7.2.7 Upgrade to upcoming 7.2.8 or above
FortiProxy (only FortiProxy_VM64) 7.0 7.0 all versions Migrate to a fixed release
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

The following products are NOT impacted:



  • FortiMail

  • FortiLANCloud

  • FortiVoice

  • FortiAuthenticator

  • FortiRecorder

  • FortiWeb

  • FortiTester

  • FortiWLM

  • FortiClientLinux

  • FortiVoiceUC

  • FortiClientEMS

  • FortiClientWindows

  • FortiClientMac

  • FortiConnect

  • FortiNAC-F

  • FortiADC

  • FortiNDR

  • FortiSwitch

  • FortiDDoS-F

  • FortiDDoS

  • FortiAnalyzer

  • FortiManager

  • Products not listed in this advisory

Timeline

2023-11-07: Initial publication

IR Number FG-IR-23-385
Date Nov 14, 2023
Severity Medium
CVSSv3 Score 6.1
Impact Execute unauthorized code or commands
CVE ID CVE-2023-38545 CVE-2023-38546
CVRF Download
Language