{"api_version":"1","generated_at":"2026-04-22T19:18:03+00:00","cve":"CVE-2023-38545","urls":{"html":"https://cve.report/CVE-2023-38545","api":"https://cve.report/api/cve/CVE-2023-38545.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-38545","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-38545"},"summary":{"title":"CVE-2023-38545","description":"This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer is a heap based buffer, and the host name comes from the\nURL that curl has been told to operate with.\n\nAffected (per the NVD configuration in this record): libcurl 7.69.0 up to\nbut not including 8.4.0; 8.4.0 and later are not affected. Only deployments\nthat let the SOCKS5 proxy resolve host names are exposed. NVD rates this\nCVSS 3.1 9.8 (Critical).","state":"PUBLIC","assigner":"support@hackerone.com","published_at":"2023-10-18 04:15:00","updated_at":"2024-04-01 15:45:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20240201-0005/","name":"https://security.netapp.com/advisory/ntap-20240201-0005/","refsource":"","tags":[],"title":"January 2024 MySQL Cluster Vulnerabilities in NetApp Products | NetApp Product 
Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://curl.se/docs/CVE-2023-38545.html","name":"https://curl.se/docs/CVE-2023-38545.html","refsource":"MISC","tags":[],"title":"curl - SOCKS5 heap buffer overflow - CVE-2023-38545","mime":"text/html","httpstatus":"200","archivestatus":"429"},{"url":"https://support.apple.com/kb/HT214058","name":"https://support.apple.com/kb/HT214058","refsource":"","tags":[],"title":"About the security content of macOS Ventura 13.6.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT214036","name":"https://support.apple.com/kb/HT214036","refsource":"","tags":[],"title":"About the security content of macOS Sonoma 14.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/","name":"https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"403","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/37","name":"http://seclists.org/fulldisclosure/2024/Jan/37","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20231027-0009/","name":"https://security.netapp.com/advisory/ntap-20231027-0009/","refsource":"MISC","tags":[],"title":"October 2023 MySQL Server Vulnerabilities in NetApp Products | 
NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/38","name":"http://seclists.org/fulldisclosure/2024/Jan/38","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2024/Jan/34","name":"http://seclists.org/fulldisclosure/2024/Jan/34","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT214057","name":"https://support.apple.com/kb/HT214057","refsource":"","tags":[],"title":"About the security content of macOS Monterey 12.7.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT214063","name":"https://support.apple.com/kb/HT214063","refsource":"","tags":[],"title":"About the security content of iOS 16.7.5 and iPadOS 16.7.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-38545","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38545","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10_1809","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10_21h2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10_22h2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_11_21h2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_11_22h2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cp
e2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_11_23h2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2019","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2022","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38545","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_workflow_automation","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-38545","qid":"160994","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2023-5763)"},{"cve":"CVE-2023-38545","qid":"161081","title":"Oracle Enterprise Linux Security Update 
for curl (ELSA-2023-6745)"},{"cve":"CVE-2023-38545","qid":"199825","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-6429-1)"},{"cve":"CVE-2023-38545","qid":"199899","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-6429-3)"},{"cve":"CVE-2023-38545","qid":"20369","title":"Oracle MySQL OCT 2023 Critical Patch Update (CPUOCT2023)"},{"cve":"CVE-2023-38545","qid":"20399","title":"Oracle Database 19c Critical OJVM Patch Update - January 2024"},{"cve":"CVE-2023-38545","qid":"20400","title":"Oracle Database 19c Critical Patch Update - January 2024"},{"cve":"CVE-2023-38545","qid":"20401","title":"Oracle Database 21c Critical Patch Update - January 2024"},{"cve":"CVE-2023-38545","qid":"242165","title":"Red Hat Update for curl (RHSA-2023:5700)"},{"cve":"CVE-2023-38545","qid":"242183","title":"Red Hat Update for curl (RHSA-2023:5763)"},{"cve":"CVE-2023-38545","qid":"242283","title":"Red Hat Update for curl (RHSA-2023:6745)"},{"cve":"CVE-2023-38545","qid":"242553","title":"Red Hat Update for JBoss Core Services (RHSA-2023:7625)"},{"cve":"CVE-2023-38545","qid":"242923","title":"Red Hat Update for Satellite 6.14.2 (RHSA-2024:0797)"},{"cve":"CVE-2023-38545","qid":"284621","title":"Fedora Security Update for curl (FEDORA-2023-b855de5c0f)"},{"cve":"CVE-2023-38545","qid":"284684","title":"Fedora Security Update for curl (FEDORA-2023-fef2b8da32)"},{"cve":"CVE-2023-38545","qid":"285202","title":"Fedora Security Update for curl (FEDORA-2023-0f8d1871d8)"},{"cve":"CVE-2023-38545","qid":"296105","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 63.157.1 Missing (CPUOCT2023)"},{"cve":"CVE-2023-38545","qid":"296106","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 64.157.2 Missing (CPUOCT2023)"},{"cve":"CVE-2023-38545","qid":"330154","title":"IBM AIX Multiple Vulnerabilities due to curl (curl_advisory3)"},{"cve":"CVE-2023-38545","qid":"356311","title":"Amazon Linux Security Advisory for curl : 
ALAS2023-2023-377"},{"cve":"CVE-2023-38545","qid":"356312","title":"Amazon Linux Security Advisory for curl : ALAS2-2023-2287"},{"cve":"CVE-2023-38545","qid":"378936","title":"Microsoft Windows Curl Multiple Security Vulnerabilities"},{"cve":"CVE-2023-38545","qid":"378999","title":"Curl Heap Buffer Overflow Vulnerability"},{"cve":"CVE-2023-38545","qid":"379000","title":"Curl SOCKS5 Heap Buffer Overflow Vulnerability"},{"cve":"CVE-2023-38545","qid":"379002","title":"Libcurl Heap Buffer Overflow Vulnerability"},{"cve":"CVE-2023-38545","qid":"379266","title":"Oracle Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (CPUJAN2024)"},{"cve":"CVE-2023-38545","qid":"379298","title":"Apple macOS Ventura 13.6.4 Not Installed (HT214058)"},{"cve":"CVE-2023-38545","qid":"379300","title":"Apple macOS Monterey 12.7.3 Not Installed (HT214057)"},{"cve":"CVE-2023-38545","qid":"379346","title":"HCL BigFix Multiple Security Vulnerabilities (KB0110209)"},{"cve":"CVE-2023-38545","qid":"379590","title":"Gitlab Multiple Vulnerabilities (prior to gitlab- 16.5.1, 16.4.2, 16.3.6)"},{"cve":"CVE-2023-38545","qid":"44136","title":"FortiOS Multiple Vulnerabilities (FG-IR-23-385)"},{"cve":"CVE-2023-38545","qid":"44183","title":"Juniper Network Operating System (Junos OS) Multiple Security Vulnerabilites (JSA79108)"},{"cve":"CVE-2023-38545","qid":"503379","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2023-38545","qid":"505864","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2023-38545","qid":"6000245","title":"Debian Security Update for curl (DSA 5523-1)"},{"cve":"CVE-2023-38545","qid":"610539","title":"Apple iOS 16.7.5 and iPadOS 16.7.5 Security Update Missing (HT214063)"},{"cve":"CVE-2023-38545","qid":"673709","title":"EulerOS Security Update for curl (EulerOS-SA-2023-3239)"},{"cve":"CVE-2023-38545","qid":"673772","title":"EulerOS Security Update for curl (EulerOS-SA-2024-1055)"},{"cve":"CVE-2023-38545","qid":"673815","title":"EulerOS Security Update 
for curl (EulerOS-SA-2023-3294)"},{"cve":"CVE-2023-38545","qid":"673909","title":"EulerOS Security Update for curl (EulerOS-SA-2024-1079)"},{"cve":"CVE-2023-38545","qid":"673989","title":"EulerOS Security Update for curl (EulerOS-SA-2023-3267)"},{"cve":"CVE-2023-38545","qid":"674037","title":"EulerOS Security Update for curl (EulerOS-SA-2023-3326)"},{"cve":"CVE-2023-38545","qid":"691322","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for curl (d6c19e8c-6806-11ee-9464-b42e991fc52e)"},{"cve":"CVE-2023-38545","qid":"691336","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (22df5074-71cd-11ee-85eb-84a93843eb75)"},{"cve":"CVE-2023-38545","qid":"710772","title":"Gentoo Linux curl Multiple Vulnerabilities (GLSA 202310-12)"},{"cve":"CVE-2023-38545","qid":"755070","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:4044-1)"},{"cve":"CVE-2023-38545","qid":"755071","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:4043-1)"},{"cve":"CVE-2023-38545","qid":"907390","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (31288-1)"},{"cve":"CVE-2023-38545","qid":"907455","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (31501)"},{"cve":"CVE-2023-38545","qid":"907481","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (31501-1)"},{"cve":"CVE-2023-38545","qid":"941303","title":"AlmaLinux Security Update for curl (ALSA-2023:5763)"},{"cve":"CVE-2023-38545","qid":"941348","title":"AlmaLinux Security Update for curl (ALSA-2023:6745)"},{"cve":"CVE-2023-38545","qid":"961057","title":"Rocky Linux Security Update for curl (RLSA-2023:5763)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-38545","ASSIGNER":"support@hackerone.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"This flaw makes curl overflow a heap based buffer 
in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"curl","product":{"product_data":[{"product_name":"curl","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"8.4.0","status":"affected","lessThan":"8.4.0","versionType":"semver"},{"version":"7.69.0","status":"unaffected","lessThan":"7.69.0","versionType":"semver"}]}}]}}]}}]}},"references":{"reference_data":[{"url":"https://curl.se/docs/CVE-2023-38545.html","refsource":"MISC","name":"https://curl.se/docs/CVE-2023-38545.html"},{"url":"https://security.netapp.com/advisory/ntap-20231027-0009/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20231027-0009/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/"}]}},"nvd":{"publishedDate":"2023-10-18 04:15:00","lastModifiedDate":"2024-04-01 
15:45:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.69.0","versionEndExcluding":"8.4.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19045.3693","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22000.2600","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22621.2715","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.22631.2715","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*
:*:*","versionEndExcluding":"10.0.17763.5122","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.5122","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.2113","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.19044.3693","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}