Skip to main content
Skip table of contents

ISN 2023-23: Curl Vulnerability

Updated 2 November 2023 (OS 12.2.1 available)

First published 12 October 2023

CVSS 3.1: 7.5 (High)

CVSS:3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A vulnerability has been found in the Curl package, which is used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

Details

A heap-based buffer overflow was found in the SOCKS5 proxy handshake in the Curl package. This vulnerability rated high is being tracked with CVE-2023-38545. In the updated packages they also resolved a low severity vulnerability for libcurl which is tracked with CVE-2023-38546. These vulnerabilities were responsibly disclosed to the Curl maintainers and there is no evidence of it being exploited before.

Update Instructions

  • OS 12: Update to IGEL OS 12.2.1 or newer.
  • OS 11: Update to IGEL OS 11.09.110 or newer.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close