{"id":"CVE-2023-38545","details":"This flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too-long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer is a heap-based buffer, and the host name comes from the\nURL that curl has been told to operate with.","aliases":["CURL-CVE-2023-38545"],"modified":"2026-04-16T08:45:24.947795Z","published":"2023-10-18T04:15:11.077Z","related":["ALSA-2023:5763","ALSA-2023:6745","CGA-h3pr-p53j-9p76","SUSE-SU-2023:4043-1","SUSE-SU-2023:4044-1","USN-6429-3","openSUSE-SU-2024:13325-1","openSUSE-SU-2024:13461-1","openSUSE-SU-2024:13464-1","openSUSE-SU-2024:14085-1"],"references":[{"type":"WEB","url":"https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2024/Jan/37"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231027-0009/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240201-0005/"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2024/Jan/34"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2024/Jan/38"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT214057"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT214058"},{"type":"ADVISORY
","url":"https://support.apple.com/kb/HT214063"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT214036"},{"type":"FIX","url":"https://curl.se/docs/CVE-2023-38545.html"},{"type":"FIX","url":"https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/"},{"type":"PACKAGE","url":"https://github.com/bcdannyboy/CVE-2023-38545"},{"type":"PACKAGE","url":"https://github.com/dbrugman/CVE-2023-38545-POC"},{"type":"PACKAGE","url":"https://github.com/UTsweetyfish/CVE-2023-38545"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"b8d1366852fd0034374c5de1e4968c7a224f77cc"},{"fixed":"172e54cda18412da73fd8eb4e444e8a5b371ca59"}],"database_specific":{"versions":[{"introduced":"7.69.0"},{"fixed":"8.4.0"}]}}],"versions":["curl-7_69_0","curl-7_69_1","curl-7_70_0","curl-7_71_0","curl-7_71_1","curl-7_72_0","curl-7_73_0","curl-7_74_0","curl-7_75_0","curl-7_76_0","curl-7_76_1","curl-7_77_0","curl-7_78_0","curl-7_79_0","curl-7_79_1","curl-7_80_0","curl-7_81_0","curl-7_82_0","curl-7_83_0","curl-7_83_1","curl-7_84_0","curl-7_85_0","curl-7_86_0","curl-7_87_0","curl-7_88_0","curl-7_88_1","curl-8_0_0","curl-8_0_1","curl-8_1_0","curl-8_1_1","curl-8_1_2","curl-8_2_0","curl-8_2_1","curl-8_3_0","curl-8_4_0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38545.json","vanir_signatures":[{"target":{"file":"lib/multi.c"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["263307682094500820290205177423064176866","321718229171705863456626913355012470508","183922927962438405201272844812329222263","15642842634395933921339914590773403229","25867451713061925981848695884337605847","149601294860883865403859404865289555963","90575944529110310116388777334791200415","301226691388550282457399043369151875135","112792544375522825767283206488529333659","3171243176954688201473325294501
04172442","279626610508633134674331854300499758549","319545292786741790628961548794621781780","307685309620836379624187236229132359918","195115621112340359530823265587072156773","86668430276747001255667977899716113166","161111405514161800165013528315216005059","308170577378865601343955254141018539084","55372857224031237829752412793271708872","263575754450363960617923052849304075584","307457786620768197988069311874095207694","296121126154374182804893858116505298639","31704939749513917889825480403850454919"],"threshold":0.9},"id":"CVE-2023-38545-06a8ff72","signature_version":"v1"},{"target":{"file":"lib/cf-socket.c","function":"do_connect"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Function","digest":{"length":1548,"function_hash":"237932710610101955861263443630007038111"},"id":"CVE-2023-38545-14a7aeab","signature_version":"v1"},{"target":{"file":"include/curl/system.h"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["141726004083826150297332644201013428892","160647893720381844090636055379291702551","240953266059513025688119487073249743594","302718822538118768931272267312169681587","149994933651253049576095808706198786268","226147444197141429045870830298675061810","302065076745837940529980562636199223874","181669538011728751988471984701666527523","123253115895660554021920887213024950321"],"threshold":0.9},"id":"CVE-2023-38545-281b1716","signature_version":"v1"},{"target":{"file":"lib/curl_setup.h"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["307735637131859088753486435402700768429","222600090078334172569991744031124722228","179487069789813720997021675371315695321","4937046583110787227061258358080850299","320072073212594975547501307715293178599","26401155724895987059035
8919970016903139","130562250241525122084108257420367296282","315161302301649832689986964069750367261","128603871237598613658944523807397420973","250384121785797532442311899323117199103","205892900842283828890987232435233030718"],"threshold":0.9},"id":"CVE-2023-38545-2af65ebb","signature_version":"v1"},{"target":{"file":"lib/curl_setup_once.h"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["34750992693478958138728471905003357503","115758682526657326067298833939451531429","290856872518332235961350696452127581891","306786620289776567412149226396400622376","182056150930946379449503049477305959248","97827629699958890605235526388417122559","133817841928160750322675472808696167974","338327552553423096513860524432564311595","172286668487196833960212922173784271070","73018212311488028011446883137514793985","110320422816145049986089039189992890750","142088825614697222316323778460690175547","232735515667816916975064481253089564193"],"threshold":0.9},"id":"CVE-2023-38545-7a7fd1e2","signature_version":"v1"},{"target":{"file":"include/curl/multi.h"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["62754282639999331335000166695586488252","228452506958689227802272708420864505505","196619381641102575949591595563608340774","11983107166569350083664738511274853447","175131023041666167614745485887557216223","160055108580799060234011127926974860446"],"threshold":0.9},"id":"CVE-2023-38545-8baa426c","signature_version":"v1"},{"target":{"file":"lib/select.h"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["304554834165557774769799825694420316083","281772446236800063228827609672495531920","250109136465138082415094790109759272464","197617959229130573142022025500165098341"
],"threshold":0.9},"id":"CVE-2023-38545-91ca3900","signature_version":"v1"},{"target":{"file":"lib/urldata.h"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["47350584164390638421657483516748125576","287071698124826862101979251407511979009"],"threshold":0.9},"id":"CVE-2023-38545-950e8fbe","signature_version":"v1"},{"target":{"file":"lib/multi.c","function":"curl_multi_fdset"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Function","digest":{"length":914,"function_hash":"66321930300479189972374503815584433915"},"id":"CVE-2023-38545-998e66d9","signature_version":"v1"},{"target":{"file":"lib/select.c","function":"Curl_poll"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Function","digest":{"length":2825,"function_hash":"284512034176689032879040861674708683206"},"id":"CVE-2023-38545-b2b6cb3e","signature_version":"v1"},{"target":{"file":"lib/cf-socket.c","function":"cf_udp_setup_quic"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Function","digest":{"length":1102,"function_hash":"19027098081999735910308636630429926416"},"id":"CVE-2023-38545-b7cb0af4","signature_version":"v1"},{"target":{"file":"include/curl/curl.h"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["207164338839129032286190807413230553404","110800041465413858002998465309868537244","158971987049034126157440325195879910966","290227461053827327977795203998366579232","93380518440927338398538532335379032600","107432081930361215873509603079111784529","3557087170121162165376004596779947368","307018461205702085166035968197514031647","3264343303727783814559714335490137
50755","222198904576951632569822019657687148114","1386329855968792161579682574448578975","27658310193856675229012682550898543393","254483175568159826349769845652537424503","246533398879253069578800611190422467480","265224261304466812435501459670246274746","210933364649422984267134596391839645555","260669533129735114514249853191743244519","1912251460538077137534153122190231679","106178053316947079933453264927112268374","59913501235530591230019607996531137661"],"threshold":0.9},"id":"CVE-2023-38545-c29452a9","signature_version":"v1"},{"target":{"file":"lib/cf-socket.c"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["220074972677793547290747110446770772576","66031900372723219629836731746148972612","312716891063402113424827744485250273819","17544199523327820265248751243911025329","335070153882701649423664679225194874355","55436859196332971601553888240965905274","314837436556362162251332755268461206736","309822636945502852576783052225779459737","326682156759229290221136827359661639075","274013222619156790151736259616116499153","187833106141913108568530940328944776245","197746072329483712745897486632008082764","179556176391494941716007323578623249647","305605486648912476207012264067709919670","105264943041924824595511438151665801140","233778672060590392804035088471773401612","8422957112064664134430825665143164970","101655295961987761236318461813492947594","73026192955256478826951299288771222359","133515567552773311824660282108153358037","258767728415419144291522362724874047127","53204677260066646438234355935290602602","225929182268067833783586811077430838873","222360808511488025993438359797256515499","278758232465238060637923927728390425175","288286343543078881101592142605282242226","79139975242817955679986054332661480130","299513414300679973830017679445953495907","240769300295213700950288339878953323046","55594460690351702186356644024954906856","16864494739485017
6880435644451030803704","156600165616506637376317435300798725277","8919742447551626828806765369777970354","309449063929796213417044081986456517472","211266344815861947442753329655017077530","330914069272294607151070430812019470618","326830677823708718402743360223587310014","219628932377280284870139597191788693261","187151379962662113838391467313531988979","177816018658834231425220591985088039056","25911547816817436824064930400963345268","280482816921026916075921405639945586056","22706441630526509385331875698304773900","248440073528025239321637618682570968696","265356618017825649200544057563265609945","42927893770695984053048238911275569437","2933204812893395874188980572629835360","255512171513285227308104952687922412774","180077118391504653466513680531480925486","264696968840768668397977245697462030077","154993782941586243324396997503241755474","212578670419504022476666097053866672481","200468089342866594257187631609437095824","234120107643081183937309990602541693016","31704054757304986908530755890901696214","110014335772212182654132576893017648586","118815020189068712614390093753614393553","147721076804823186606937610916537009395","338031355604672940535887616998336698581","101447203547269136823721824983559427722","278790734838647616766240423204645195647","273056597826508444735119116819015163482","82724965730534817878487561941586519975","55511529646463571987561327017498144373","22511304144055707562573102005941878359","163990967092738201129898722761730965107","263955449179554940716292242539988866815","180077118391504653466513680531480925486","71140973139491917945127605123450810029","132572672206444265120250688296423795091","109886284674999430843698252496361998610","1535172347272136263013739328916883143","256253032883239984156927561804073989440","201345332710770985400564728851521230116","232513699147668249858426644005765579436","31029300778149335353015006165941299776","168723601361145397221247516492721937332","326822084859014883324325148067480757513","2082754923482683
58606658170382260747103","94693287535032119579076808938942970362","76270991698822047309210497463886347508","306160942115905947493589648575761732489"],"threshold":0.9},"id":"CVE-2023-38545-c9b76822","signature_version":"v1"},{"target":{"file":"lib/multi.c","function":"hash_fd"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Function","digest":{"length":152,"function_hash":"320969236782604712524596425284645515554"},"id":"CVE-2023-38545-cc7ce556","signature_version":"v1"},{"target":{"file":"lib/select.c","function":"our_select"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Function","digest":{"length":638,"function_hash":"29754786734616033181624100017028652817"},"id":"CVE-2023-38545-d8c958bc","signature_version":"v1"},{"target":{"file":"lib/select.c"},"source":"https://github.com/curl/curl/commit/172e54cda18412da73fd8eb4e444e8a5b371ca59","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["94987943450660365199476259403272724472","63826320319478012736021848003389135928","98114649084200364890900141726030587457","261328897265120463816763953917527070657","201272240346967993903171794326619885600","247894214294328485543557655792339115328","327421313438836471336733987308075972510","236498998132103791523987478211436378664","52830971657421184919296326219395422929","162983994493229524312211970923488891461","324393097983845921292331744274156452152","130050690799897577225639043169309503660","258525914700916529121510203257258767756","139291323417737679499741606998312111636","196363911523754901014083072228726295671","161139715035920660390124432997418909444"],"threshold":0.9},"id":"CVE-2023-38545-d95106a9","signature_version":"v1"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.17763.5122"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.19
044.3693"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.19045.3693"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.22000.2600"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.22621.2715"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.22631.2715"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.17763.5122"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.20348.2113"}]}],"vanir_signatures_modified":"2026-04-16T08:45:24Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}
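The mechanism in the details field (a "resolve locally" decision held in a function-local variable that is re-derived every time the handshake state machine is re-entered, so the override for an over-long host name is lost when the proxy is slow) is modelled below in a small C program. This is an added illustration, not curl's own code: the state machine, the 300-byte heap request buffer, the `run_handshake` driver and the constructed 400-byte host name are all hypothetical. The 255-byte limit is real (the SOCKS5 domain-name address type carries a one-byte length). To stay free of undefined behaviour the model records how many bytes the CONNECT copy would overrun the buffer instead of performing the overflowing `memcpy`. The hardened variant does what curl 8.4.0 does per the fix reference above: it refuses the transfer when the name is too long to be resolved remotely, and keeps the decision in connection state rather than in a local.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SOCKS5_MAX_HOSTNAME 255   /* one-byte length field in ATYP=0x03 requests */
#define REQ_CAPACITY        300   /* hypothetical size of the heap request buffer */

enum state { ST_INIT, ST_WAIT, ST_SEND_CONNECT, ST_DONE, ST_ERROR };

struct socks_ctx {
    enum state st;
    bool remote_resolve_wanted;   /* socks5h-style: let the proxy resolve the name */
    bool resolve_local;           /* hardened variant stores the decision here */
    const char *hostname;
    size_t hostname_len;
    uint8_t *req;                 /* heap buffer the CONNECT request is built in */
    size_t req_cap;
    size_t overrun;               /* bytes the build would write past req_cap */
};

/* Build the CONNECT request: VER CMD RSV ATYP ADDR... PORT(2).
 * Writes only if it fits; otherwise records the overrun instead of overflowing. */
static size_t build_connect(struct socks_ctx *c, bool resolve_local)
{
    size_t need;
    if (resolve_local) {
        need = 4 + 4 + 2;                          /* ATYP=0x01, IPv4 placeholder */
        if (need <= c->req_cap) {
            c->req[0] = 5; c->req[1] = 1; c->req[2] = 0; c->req[3] = 1;
            memset(c->req + 4, 0, 4);
            c->req[8] = 0; c->req[9] = 80;
        }
    } else {
        need = 4 + 1 + c->hostname_len + 2;        /* ATYP=0x03, LEN, name, port */
        if (need <= c->req_cap) {
            c->req[0] = 5; c->req[1] = 1; c->req[2] = 0; c->req[3] = 3;
            c->req[4] = (uint8_t)c->hostname_len;  /* silently truncates > 255 */
            memcpy(c->req + 5, c->hostname, c->hostname_len);
            c->req[5 + c->hostname_len] = 0; c->req[6 + c->hostname_len] = 80;
        }
    }
    c->overrun = need > c->req_cap ? need - c->req_cap : 0;
    return need;
}

/* Vulnerable pattern: the decision is a local re-initialised on every call, so
 * the fallback chosen in ST_INIT is forgotten once the function returns to wait. */
static void step_vulnerable(struct socks_ctx *c, bool proxy_ready)
{
    bool resolve_local = !c->remote_resolve_wanted;
    if (c->st == ST_INIT) {
        if (!resolve_local && c->hostname_len > SOCKS5_MAX_HOSTNAME)
            resolve_local = true;                  /* intended fallback */
        c->st = ST_WAIT;
    }
    if (c->st == ST_WAIT) {
        if (!proxy_ready)
            return;                                /* slow proxy: come back later */
        c->st = ST_SEND_CONNECT;
    }
    if (c->st == ST_SEND_CONNECT) {
        build_connect(c, resolve_local);           /* may be the re-derived value */
        c->st = ST_DONE;
    }
}

/* Hardened pattern: decide once, keep it in the context, and refuse an
 * over-long name when remote resolving was requested. */
static void step_hardened(struct socks_ctx *c, bool proxy_ready)
{
    if (c->st == ST_INIT) {
        c->resolve_local = !c->remote_resolve_wanted;
        if (!c->resolve_local && c->hostname_len > SOCKS5_MAX_HOSTNAME) {
            c->st = ST_ERROR;                      /* too long to resolve remotely */
            return;
        }
        c->st = ST_WAIT;
    }
    if (c->st == ST_WAIT) {
        if (!proxy_ready)
            return;
        c->st = ST_SEND_CONNECT;
    }
    if (c->st == ST_SEND_CONNECT) {
        build_connect(c, c->resolve_local);
        c->st = ST_DONE;
    }
}

struct result { size_t overrun; enum state st; };

/* Drive one handshake with a constructed 'aaaa...' host name of the given
 * length; a slow proxy is one that only answers on the second poll. */
static struct result run_handshake(size_t hostname_len, bool slow, bool hardened)
{
    char *name = malloc(hostname_len + 1);
    struct socks_ctx c = {0};
    struct result r;
    memset(name, 'a', hostname_len);
    name[hostname_len] = 0;
    c.st = ST_INIT; c.remote_resolve_wanted = true;
    c.hostname = name; c.hostname_len = hostname_len;
    c.req_cap = REQ_CAPACITY; c.req = malloc(REQ_CAPACITY);
    void (*step)(struct socks_ctx *, bool) = hardened ? step_hardened : step_vulnerable;
    if (slow)
        step(&c, false);                           /* first poll: proxy not ready */
    step(&c, true);
    r.overrun = c.overrun; r.st = c.st;
    free(name); free(c.req);
    return r;
}

int main(void)
{
    struct result a = run_handshake(400, true,  false);
    struct result b = run_handshake(400, false, false);
    struct result d = run_handshake(400, true,  true);
    printf("vulnerable, slow proxy:  overrun=%zu bytes\n", a.overrun);
    printf("vulnerable, fast proxy:  overrun=%zu bytes\n", b.overrun);
    printf("hardened,   slow proxy:  overrun=%zu, state=%s\n",
           d.overrun, d.st == ST_ERROR ? "ERROR" : "DONE");
    return 0;
}
```

With a fast proxy the fallback and the copy happen in the same invocation and nothing goes wrong, which is why the advisory ties the bug to a slow handshake; only when the state machine yields between the two does the re-derived local send the full name into the request buffer.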