AVG-2845 log
Package | curl, libcurl-compat, libcurl-gnutls |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 8.3.0-1 |
Fixed | 8.4.0-1 |
Current | 8.10.1-1 [core] |
Ticket | None |
Created | Wed Oct 11 09:12:24 2023 |
Advisory | Pending |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2023-38546 | Low | Yes | Content spoofing | A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific... |
CVE-2023-38545 | High | Yes | Arbitrary code execution | A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0. |