CVE-2023-38545
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-38545
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38545.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-38545
- Aliases
- Downstream
- Related
- Published
- 2023-10-18T04:15:11Z
- Modified
- 2025-10-08T14:29:28.420655Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.
When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes.
If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there.
The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
- References
-
- http://seclists.org/fulldisclosure/2024/Jan/34
- http://seclists.org/fulldisclosure/2024/Jan/37
- http://seclists.org/fulldisclosure/2024/Jan/38
- https://curl.se/docs/CVE-2023-38545.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/
- https://security.netapp.com/advisory/ntap-20231027-0009/
- https://security.netapp.com/advisory/ntap-20240201-0005/
- https://support.apple.com/kb/HT214036
- https://support.apple.com/kb/HT214057
- https://support.apple.com/kb/HT214058
- https://support.apple.com/kb/HT214063
- https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/
- https://github.com/UTsweetyfish/CVE-2023-38545
- https://github.com/bcdannyboy/CVE-2023-38545
- https://github.com/dbrugman/CVE-2023-38545-POC
- https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868
Affected packages
Git / github.com/curl/curl
Affected versions
Other
curl-7_69_0
curl-7_69_1
curl-7_70_0
curl-7_71_0
curl-7_71_1
curl-7_72_0
curl-7_73_0
curl-7_74_0
curl-7_75_0
curl-7_76_0
curl-7_76_1
curl-7_77_0
curl-7_78_0
curl-7_79_0
curl-7_79_1
curl-7_80_0
curl-7_81_0
curl-7_82_0
curl-7_83_0
curl-7_83_1
curl-7_84_0
curl-7_85_0
curl-7_86_0
curl-7_87_0
curl-7_88_0
curl-7_88_1
curl-8_0_0
curl-8_0_1
curl-8_1_0
curl-8_1_1
curl-8_1_2
curl-8_2_0
curl-8_2_1
curl-8_3_0
curl-8_4_0
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"263307682094500820290205177423064176866",
"321718229171705863456626913355012470508",
"183922927962438405201272844812329222263",
"15642842634395933921339914590773403229",
"25867451713061925981848695884337605847",
"149601294860883865403859404865289555963",
"90575944529110310116388777334791200415",
"301226691388550282457399043369151875135",
"112792544375522825767283206488529333659",
"317124317695468820147332529450104172442",
"279626610508633134674331854300499758549",
"319545292786741790628961548794621781780",
"307685309620836379624187236229132359918",
"195115621112340359530823265587072156773",
"86668430276747001255667977899716113166",
"161111405514161800165013528315216005059",
"308170577378865601343955254141018539084",
"55372857224031237829752412793271708872",
"263575754450363960617923052849304075584",
"307457786620768197988069311874095207694",
"296121126154374182804893858116505298639",
"31704939749513917889825480403850454919"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/multi.c"
},
"signature_type": "Line",
"id": "CVE-2023-38545-06a8ff72"
},
{
"signature_version": "v1",
"digest": {
"length": 1548.0,
"function_hash": "237932710610101955861263443630007038111"
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/cf-socket.c",
"function": "do_connect"
},
"signature_type": "Function",
"id": "CVE-2023-38545-14a7aeab"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"141726004083826150297332644201013428892",
"160647893720381844090636055379291702551",
"240953266059513025688119487073249743594",
"302718822538118768931272267312169681587",
"149994933651253049576095808706198786268",
"226147444197141429045870830298675061810",
"302065076745837940529980562636199223874",
"181669538011728751988471984701666527523",
"123253115895660554021920887213024950321"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "include/curl/system.h"
},
"signature_type": "Line",
"id": "CVE-2023-38545-281b1716"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"307735637131859088753486435402700768429",
"222600090078334172569991744031124722228",
"179487069789813720997021675371315695321",
"4937046583110787227061258358080850299",
"320072073212594975547501307715293178599",
"264011557248959870590358919970016903139",
"130562250241525122084108257420367296282",
"315161302301649832689986964069750367261",
"128603871237598613658944523807397420973",
"250384121785797532442311899323117199103",
"205892900842283828890987232435233030718"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/curl_setup.h"
},
"signature_type": "Line",
"id": "CVE-2023-38545-2af65ebb"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"34750992693478958138728471905003357503",
"115758682526657326067298833939451531429",
"290856872518332235961350696452127581891",
"306786620289776567412149226396400622376",
"182056150930946379449503049477305959248",
"97827629699958890605235526388417122559",
"133817841928160750322675472808696167974",
"338327552553423096513860524432564311595",
"172286668487196833960212922173784271070",
"73018212311488028011446883137514793985",
"110320422816145049986089039189992890750",
"142088825614697222316323778460690175547",
"232735515667816916975064481253089564193"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/curl_setup_once.h"
},
"signature_type": "Line",
"id": "CVE-2023-38545-7a7fd1e2"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"62754282639999331335000166695586488252",
"228452506958689227802272708420864505505",
"196619381641102575949591595563608340774",
"11983107166569350083664738511274853447",
"175131023041666167614745485887557216223",
"160055108580799060234011127926974860446"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "include/curl/multi.h"
},
"signature_type": "Line",
"id": "CVE-2023-38545-8baa426c"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"304554834165557774769799825694420316083",
"281772446236800063228827609672495531920",
"250109136465138082415094790109759272464",
"197617959229130573142022025500165098341"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/select.h"
},
"signature_type": "Line",
"id": "CVE-2023-38545-91ca3900"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47350584164390638421657483516748125576",
"287071698124826862101979251407511979009"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/urldata.h"
},
"signature_type": "Line",
"id": "CVE-2023-38545-950e8fbe"
},
{
"signature_version": "v1",
"digest": {
"length": 914.0,
"function_hash": "66321930300479189972374503815584433915"
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/multi.c",
"function": "curl_multi_fdset"
},
"signature_type": "Function",
"id": "CVE-2023-38545-998e66d9"
},
{
"signature_version": "v1",
"digest": {
"length": 2825.0,
"function_hash": "284512034176689032879040861674708683206"
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/select.c",
"function": "Curl_poll"
},
"signature_type": "Function",
"id": "CVE-2023-38545-b2b6cb3e"
},
{
"signature_version": "v1",
"digest": {
"length": 1102.0,
"function_hash": "19027098081999735910308636630429926416"
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/cf-socket.c",
"function": "cf_udp_setup_quic"
},
"signature_type": "Function",
"id": "CVE-2023-38545-b7cb0af4"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"207164338839129032286190807413230553404",
"110800041465413858002998465309868537244",
"158971987049034126157440325195879910966",
"290227461053827327977795203998366579232",
"93380518440927338398538532335379032600",
"107432081930361215873509603079111784529",
"3557087170121162165376004596779947368",
"307018461205702085166035968197514031647",
"326434330372778381455971433549013750755",
"222198904576951632569822019657687148114",
"1386329855968792161579682574448578975",
"27658310193856675229012682550898543393",
"254483175568159826349769845652537424503",
"246533398879253069578800611190422467480",
"265224261304466812435501459670246274746",
"210933364649422984267134596391839645555",
"260669533129735114514249853191743244519",
"1912251460538077137534153122190231679",
"106178053316947079933453264927112268374",
"59913501235530591230019607996531137661"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "include/curl/curl.h"
},
"signature_type": "Line",
"id": "CVE-2023-38545-c29452a9"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"220074972677793547290747110446770772576",
"66031900372723219629836731746148972612",
"312716891063402113424827744485250273819",
"17544199523327820265248751243911025329",
"335070153882701649423664679225194874355",
"55436859196332971601553888240965905274",
"314837436556362162251332755268461206736",
"309822636945502852576783052225779459737",
"326682156759229290221136827359661639075",
"274013222619156790151736259616116499153",
"187833106141913108568530940328944776245",
"197746072329483712745897486632008082764",
"179556176391494941716007323578623249647",
"305605486648912476207012264067709919670",
"105264943041924824595511438151665801140",
"233778672060590392804035088471773401612",
"8422957112064664134430825665143164970",
"101655295961987761236318461813492947594",
"73026192955256478826951299288771222359",
"133515567552773311824660282108153358037",
"258767728415419144291522362724874047127",
"53204677260066646438234355935290602602",
"225929182268067833783586811077430838873",
"222360808511488025993438359797256515499",
"278758232465238060637923927728390425175",
"288286343543078881101592142605282242226",
"79139975242817955679986054332661480130",
"299513414300679973830017679445953495907",
"240769300295213700950288339878953323046",
"55594460690351702186356644024954906856",
"168644947394850176880435644451030803704",
"156600165616506637376317435300798725277",
"8919742447551626828806765369777970354",
"309449063929796213417044081986456517472",
"211266344815861947442753329655017077530",
"330914069272294607151070430812019470618",
"326830677823708718402743360223587310014",
"219628932377280284870139597191788693261",
"187151379962662113838391467313531988979",
"177816018658834231425220591985088039056",
"25911547816817436824064930400963345268",
"280482816921026916075921405639945586056",
"22706441630526509385331875698304773900",
"248440073528025239321637618682570968696",
"265356618017825649200544057563265609945",
"42927893770695984053048238911275569437",
"2933204812893395874188980572629835360",
"255512171513285227308104952687922412774",
"180077118391504653466513680531480925486",
"264696968840768668397977245697462030077",
"154993782941586243324396997503241755474",
"212578670419504022476666097053866672481",
"200468089342866594257187631609437095824",
"234120107643081183937309990602541693016",
"31704054757304986908530755890901696214",
"110014335772212182654132576893017648586",
"118815020189068712614390093753614393553",
"147721076804823186606937610916537009395",
"338031355604672940535887616998336698581",
"101447203547269136823721824983559427722",
"278790734838647616766240423204645195647",
"273056597826508444735119116819015163482",
"82724965730534817878487561941586519975",
"55511529646463571987561327017498144373",
"22511304144055707562573102005941878359",
"163990967092738201129898722761730965107",
"263955449179554940716292242539988866815",
"180077118391504653466513680531480925486",
"71140973139491917945127605123450810029",
"132572672206444265120250688296423795091",
"109886284674999430843698252496361998610",
"1535172347272136263013739328916883143",
"256253032883239984156927561804073989440",
"201345332710770985400564728851521230116",
"232513699147668249858426644005765579436",
"31029300778149335353015006165941299776",
"168723601361145397221247516492721937332",
"326822084859014883324325148067480757513",
"208275492348268358606658170382260747103",
"94693287535032119579076808938942970362",
"76270991698822047309210497463886347508",
"306160942115905947493589648575761732489"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/cf-socket.c"
},
"signature_type": "Line",
"id": "CVE-2023-38545-c9b76822"
},
{
"signature_version": "v1",
"digest": {
"length": 152.0,
"function_hash": "320969236782604712524596425284645515554"
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/multi.c",
"function": "hash_fd"
},
"signature_type": "Function",
"id": "CVE-2023-38545-cc7ce556"
},
{
"signature_version": "v1",
"digest": {
"length": 638.0,
"function_hash": "29754786734616033181624100017028652817"
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/select.c",
"function": "our_select"
},
"signature_type": "Function",
"id": "CVE-2023-38545-d8c958bc"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"94987943450660365199476259403272724472",
"63826320319478012736021848003389135928",
"98114649084200364890900141726030587457",
"261328897265120463816763953917527070657",
"201272240346967993903171794326619885600",
"247894214294328485543557655792339115328",
"327421313438836471336733987308075972510",
"236498998132103791523987478211436378664",
"52830971657421184919296326219395422929",
"162983994493229524312211970923488891461",
"324393097983845921292331744274156452152",
"130050690799897577225639043169309503660",
"258525914700916529121510203257258767756",
"139291323417737679499741606998312111636",
"196363911523754901014083072228726295671",
"161139715035920660390124432997418909444"
]
},
"source": "https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59",
"deprecated": false,
"target": {
"file": "lib/select.c"
},
"signature_type": "Line",
"id": "CVE-2023-38545-d95106a9"
}
]
}