The curl CVE-2023-38545 affects curl clients that are configured to use a SOCKS5 proxy with remote DNS enabled. To exploit the vulnerability, the attacker needs to cause curl to look up an arbitrary hostname (which could be done via a malicious webserver issuing a HTTP redirect header). The attacker does not need to control the SOCK5 server curl uses, but doing so would likely provide a path to easier exploitation.
https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
Marcus Hutchins :verified: /
npub1t5…338yv
2023-10-11 12:30:44
Author Public Key
npub1t5y3qpya5m4v4tv73yw447uglfsn7j44znv2d38m2xsrah4kpm0qt338yvPublished at
2023-10-11 12:30:44Event JSON
{
"id": "6ae1f2f4f0cb6232d883fabd87dcb9c1b76ff3ef522e58f07f8fd7bdd614d96e",
"pubkey": "5d0910049da6eacaad9e891d5afb88fa613f4ab514d8a6c4fb51a03edeb60ede",
"created_at": 1697020244,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/malwaretech/statuses/111215918749697572",
"activitypub"
]
],
"content": "The curl CVE-2023-38545 affects curl clients that are configured to use a SOCKS5 proxy with remote DNS enabled. To exploit the vulnerability, the attacker needs to cause curl to look up an arbitrary hostname (which could be done via a malicious webserver issuing a HTTP redirect header). The attacker does not need to control the SOCK5 server curl uses, but doing so would likely provide a path to easier exploitation.\nhttps://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/",
"sig": "73a60c9f2eb90835107b4f5bb64bef771dc77c6eb3eb985d338d2a5bae48541b0b1cdf7a53310f783e39427348bca1b135f05affc397d8872d47095b2acc3e86"
}