AVG-2846 log
| Package | lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 8.3.0-1 |
| Fixed | 8.4.0-1 |
| Current | 8.7.1-4 [multilib] |
| Ticket | None |
| Created | Wed Oct 11 09:12:55 2023 |
| Advisory | Pending |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2023-38546 | Low | Yes | Content spoofing | A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific... |
| CVE-2023-38545 | High | Yes | Arbitrary code execution | A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0. |