AVG-2846 log

Package lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls
Status Fixed
Severity High
Type multiple issues
Affected 8.3.0-1
Fixed 8.4.0-1
Current 8.6.0-3 [multilib]
Ticket None
Created Wed Oct 11 09:12:55 2023
Advisory Pending
Issue Severity Remote Type Description
CVE-2023-38546 Low Yes Content spoofing
A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific...
CVE-2023-38545 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0.