CVE-2023-38545

Public on 2023-10-11
Modified on 2024-02-01
Description
An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code.

When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its default behavior is to pass the hostname to the proxy and allow it to perform the resolution. In cases where the hostname is greater than 255 characters in length, curl will instead attempt to perform the resolution locally and then pass the resolved IP to the proxy for its use. Due to an issue in the curl source code, the logic that determines whether curl should resolve the name locally or pass it to the proxy for resolution could make an incorrect decision when a slow SOCKS5 handshake occurs. When that happens, curl may inadvertently copy an excessively long hostname, rather than the resolved address, into the target buffer being prepared for transmission to the proxy, resulting in a buffer overflow.
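
The bounds check the description implies, as an added C example (not curl's source and not part of this advisory): a SOCKS5 CONNECT request builder that validates the hostname length at the point of copy, so the request fails closed if the earlier local-versus-proxy resolution decision is wrong. All function and macro names are hypothetical; the request layout follows RFC 1928.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added illustration, not curl source; all names are hypothetical. */
#define S5_MAX_HOST 255 /* DOMAINNAME length field is one octet (RFC 1928) */
#define S5_REQ_MAX (4 + 1 + S5_MAX_HOST + 2)
enum { S5_HOST_TOO_LONG = -1, S5_BUF_TOO_SMALL = -2, S5_BAD_ARG = -3 };

/* Build a CONNECT request asking the proxy to resolve `host`. The length is
 * checked here, at the copy, so a wrong upstream "resolve locally or let the
 * proxy resolve" decision fails closed. Returns bytes written or an error. */
static int s5_build_connect(uint8_t *buf, size_t buflen,
                            const char *host, uint16_t port)
{
  size_t hlen = host ? strlen(host) : 0;
  if(!buf || hlen == 0)
    return S5_BAD_ARG;
  if(hlen > S5_MAX_HOST)
    return S5_HOST_TOO_LONG; /* never truncate, never copy anyway */
  if(4 + 1 + hlen + 2 > buflen)
    return S5_BUF_TOO_SMALL;
  /* VER=5, CMD=CONNECT, RSV=0, ATYP=DOMAINNAME, then length-prefixed name */
  buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03;
  buf[4] = (uint8_t)hlen;
  memcpy(buf + 5, host, hlen);
  buf[5 + hlen] = (uint8_t)(port >> 8); /* port, network byte order */
  buf[6 + hlen] = (uint8_t)(port & 0xff);
  return (int)(hlen + 7);
}
/* Constructed check: n-byte hostname, `buflen`-byte window, guard bytes after. */
static int s5_try(size_t n, size_t buflen)
{
  char host[1024];
  uint8_t mem[S5_REQ_MAX + 8];
  if(n >= sizeof(host) || buflen > S5_REQ_MAX)
    return S5_BAD_ARG;
  memset(host, 'a', n);
  host[n] = '\0';
  memset(mem, 0xAA, sizeof(mem));
  int rc = s5_build_connect(mem, buflen, host, 443);
  for(size_t i = buflen; i < sizeof(mem); i++)
    if(mem[i] != 0xAA)
      return -100; /* wrote past the window */
  return rc;
}
int main(void)
{
  return printf("255 -> %d, 256 -> %d\n", s5_try(255, S5_REQ_MAX), s5_try(256, S5_REQ_MAX)) < 0;
}
```

A 255-byte name yields the largest valid request (262 bytes); anything longer is rejected before any byte is copied.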
Severity
Important
CVSS v3 Base Score
8.1

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | curl | | | Not Affected |
| Amazon Linux 2 - Core | curl | 2023-10-10 | ALAS2-2023-2287 | Fixed |
| Amazon Linux 2023 | curl | 2023-10-10 | ALAS2023-2023-377 | Fixed |

CVSS Scores

| Source | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |