Summary
Security updates have been released that fix a vulnerability in cURL, a well-known command-line tool and library for transferring data via URLs.
Notes (updated 14/06/2024): A Proof of Concept (PoC) for exploiting the vulnerability CVE-2023-38039 appears to be publicly available online.
Risk
Estimated impact of the vulnerability on the target community: MEDIUM/LOW (59.61/100)¹.
Type
- Denial of Service
Affected products and versions
cURL, versions 7.84.0 to 8.2.1 (inclusive)
Mitigation actions
In line with vendor statements, it is recommended that the cURL product be upgraded to the latest version available.
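To decide which hosts need the upgrade, the following added example (not part of the original advisory or of the curl project) classifies a libcurl version against the affected range stated above. The function names and the sample banner lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a libcurl version against the advisory's range
# (7.84.0 to 8.2.1 inclusive). Function names are hypothetical.

# Print MAJOR.MINOR.PATCH as one comparable integer; fail on anything else.
ver_to_int() {
    printf '%s\n' "$1" | awk -F. '
        /^[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 * 1000000 + $2 * 1000 + $3; ok = 1 }
        END { exit !ok }'
}

# Extract the libcurl version from the first line of `curl --version`.
libcurl_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|.*libcurl/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p'
}

# Print "affected", "not-affected" or "unknown" for a version string.
curl_status() {
    v=$(ver_to_int "$1") || { echo unknown; return 0; }
    lo=$(ver_to_int 7.84.0)
    hi=$(ver_to_int 8.2.1)
    if [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample banners (not taken from real hosts).
while IFS= read -r banner; do
    ver=$(libcurl_version_from_banner "$banner")
    printf '%-8s %s\n' "${ver:-?}" "$(curl_status "$ver")"
done <<'EOF'
curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2
curl 8.1.2 (x86_64-pc-linux-gnu) libcurl/8.1.2 OpenSSL/3.0.9
curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.11
EOF

# Check the local installation when curl is present.
if command -v curl >/dev/null 2>&1; then
    ver=$(libcurl_version_from_banner "$(curl --version 2>/dev/null | head -n 1)")
    echo "local libcurl ${ver:-?}: $(curl_status "$ver")"
fi
```

A version inside the range is a prompt to check the package changelog, since distribution packages can carry a backported fix without changing the upstream version number.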
Unique vulnerability identifiers
CVE-2023-38039
References
https://curl.se/docs/CVE-2023-38039.html
¹ This estimate takes into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and prevalence of affected software/devices in the target community.