Security Patch for Two New Flaws in Curl Library Arriving on October 11
Oct 09, 2023
Software Security / Vulnerability
The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of an forthcoming update set for release on October 11, 2023. This includes a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues and the exact version ranges impacted have been withheld owing to the possibility that the information could be used to "help identify the problem (area) with a very high accuracy." That said, the "last several years" of versions of the library are said to be affected. "Sure, there is a minuscule risk that someone can find this (again) before we ship the patch, but this issue has stayed undetected for years for a reason," Daniel Stenberg, the lead developer behind the project, said in a message posted on GitHub. Curl, powered by libcurl, is a popular command-line tool for tra