CVE-2023-38546 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Content spoofing |
| Description | A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2846 | lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls | 8.3.0-1 | 8.4.0-1 | High | Fixed | |
| AVG-2845 | curl, libcurl-compat, libcurl-gnutls | 8.3.0-1 | 8.4.0-1 | High | Fixed |
| References |
|---|
https://curl.se/docs/CVE-2023-38546.html https://github.com/curl/curl/commit/61275672b46d9abb32857404 |