AVG-2845 log

Package curl, libcurl-compat, libcurl-gnutls
Status Fixed
Severity High
Type multiple issues
Affected 8.3.0-1
Fixed 8.4.0-1
Current 8.6.0-3 [core]
Ticket None
Created Wed Oct 11 09:12:24 2023
Advisory Pending
Issue Severity Remote Type Description
CVE-2023-38546 Low Yes Content spoofing
A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific...
CVE-2023-38545 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0.