Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch CVE-2023-38545 #224

Merged
merged 1 commit into from
Mar 3, 2024
Merged

Patch CVE-2023-38545 #224

merged 1 commit into from
Mar 3, 2024

Conversation

lwthiker
Copy link
Owner

@lwthiker lwthiker commented Mar 3, 2024

CVE-2023-38545 is a high severity heap overflow affecting curl 7.69.0 to 8.3.0, including 8.1.1 which we use for curl-impersonate. Patches were released for older versions. Apply the patch for our version.

For more details, see https://curl.se/docs/CVE-2023-38545.html

Fixes #194

CVE-2023-38545 is a high severity heap overflow affecting curl 7.69.0 to
8.3.0, including 8.1.1 which we use for curl-impersonate. Patches were
released for older versions. Apply the patch for our version.

For more details, see https://curl.se/docs/CVE-2023-38545.html
@lwthiker lwthiker merged commit f49b5b2 into main Mar 3, 2024
5 checks passed
@lwthiker lwthiker deleted the patch-cve-2023-38545 branch March 3, 2024 12:28
@gamer191
Copy link

gamer191 commented Apr 7, 2024

@yifeikong does this affect your fork of curl-impersonate (and curl_cffi)?

EDIT: also, whilst I obviously don't expect you to investigate this, do you happen to know whether this affects curl_cffi 0.5.10? If I'm understanding lexiforest#54 correctly, 0.5.10 is the latest curl_cffi version that has accurate impersonation on windows?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)
2 participants