Skip to main content
Skip table of contents

ISN 2023-23: Curl Vulnerability

Updated 2 November 2023 (OS 12.2.1 available)

First published 12 October 2023

CVSS 3.1: 7.5 (High)

CVSS:3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A vulnerability has been found in the Curl package, which is used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

Details

A heap-based buffer overflow was found in the SOCKS5 proxy handshake in the Curl package. This vulnerability rated high is being tracked with CVE-2023-38545. In the updated packages they also resolved a low severity vulnerability for libcurl which is tracked with CVE-2023-38546. These vulnerabilities were responsibly disclosed to the Curl maintainers and there is no evidence of it being exploited before.

Update Instructions

  • OS 12: Update to IGEL OS 12.2.1 or newer.
  • OS 11: Update to IGEL OS 11.09.110 or newer.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.