QID 356311

Date Published: 2023-10-16

QID 356311: Amazon Linux Security Advisory for curl : ALAS2023-2023-377

An issue was found in curl that can cause a buffer overflow in its socks5 proxy communications code. when curl is using a socks5 proxy and it needs to resolve a hostname to an ip address, its default behavior is to pass the hostname to the proxy and allow it to perform the resolution.
In cases where the hostname is greater than 255 characters in length, curl will instead attempt to perform the resolution locally and then pass the resolved ip to the proxy for its use.
Due to an issue in the curl source code, the logic that determines whether curl should resolve the name locally or pass it to the proxy for resolution could make an incorrect decision when a slow socks5 handshake occurs.
If this occurs, curl may inadvertently copy an excessively long host name, rather than the resolved address, into the target buffer being prepared for transmission to the proxy, resulting in a buffer overflow. (
( CVE-2023-38545) an issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met.
The libcurl provided function, curl_easy_duphandle(), is used to duplicate the easy_handle associated with a transfer.
If a duplicated transfer's easy_handle has cookies enabled when it is duplicated, the cookie-enabled state is cloned but the actual cookies are not.
If the source easy_handle didn't read cookies from disk, the cloned easy_handle will attempt to read cookies from a file named 'none' in the local directory, potentially allowing arbitrary cookies to be loaded. (
( CVE-2023-38546)

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as Medium - 5.4 severity.

Solution

Please refer to Amazon advisory: ALAS-2023-377 for affected packages and patching details, or update with your package manager.

Vendor References

ALAS2023-2023-377 - alas.aws.amazon.com/AL2023/ALAS-2023-377.html

CVEs related to QID 356311

CVE-2023-38545 | CVE-2023-38546 |

Software Advisories

Advisory ID	Software	Component	Link
ALAS-2023-377	amazon linux		alas.aws.amazon.com/AL2023/ALAS-2023-377.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].