A vulnerability has been found in the Curl package, which is used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
A heap-based buffer overflow was found in the SOCKS5 proxy handshake in the Curl package. This vulnerability rated high is being tracked with CVE-2023-38545. In the updated packages they also resolved a low severity vulnerability for libcurl which is tracked with CVE-2023-38546. These vulnerabilities were responsibly disclosed to the Curl maintainers and there is no evidence of it being exploited before.