{"id":"MGASA-2023-0288","summary":"Updated the curl packages to fix two security vulnerabilities","details":"curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5\nsupport that could be exploited by a remote web server when curl is\nconfigured to use a SOCKS5 proxy with remote hostname resolution.\n\nlibcurl is vulnerable to a cookie injection attack where a local\nattacker can inject cookies into certain vulnerable applications using\nlibcurl.\n","modified":"2026-04-16T04:44:27.574931594Z","published":"2023-10-13T22:56:51Z","upstream":["CVE-2023-38545","CVE-2023-38546"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0288.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32362"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-38545.html"},{"type":"ADVISORY","url":"https://curl.se/docs/CVE-2023-38546.html"},{"type":"REPORT","url":"https://hackerone.com/reports/2187833"},{"type":"REPORT","url":"https://hackerone.com/reports/2148242"},{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545"},{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546"}],"affected":[{"package":{"name":"curl","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/curl?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.74.0-1.14.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0288.json"}},{"package":{"name":"curl","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/curl?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.88.1-3.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0288.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}