Recently, the maintainers of the Curl library issued a warning regarding two significant security vulnerabilities, which are slated for resolution in an upcoming update scheduled for October 11, 2023. This advisory pertains to vulnerabilities designated as CVE-2023-38545, classified as high-severity, and CVE-2023-38546, noted as low-severity.
Details regarding the specific version ranges impacted by these vulnerabilities have not been disclosed to mitigate the risk of exploitation before the patch is released. However, it has been indicated that versions spanning the “last several years” are likely affected. Daniel Stenberg, the project’s lead developer, acknowledged the minimal risk of exploitation before the patch, asserting that the vulnerabilities have gone undetected for a significant period.
Curl, utilizing the libcurl component, serves as a widely adopted command-line tool for data transfer via URL syntax. It supports a broad spectrum of protocols, including FTP(S), HTTP(S), IMAP(S), LDAP(S), MQTT, POP3, RTMP(S), SCP, SFTP, SMB(S), SMTP(S), TELNET, WS, and WSS, making it a critical tool for various applications.
While both CVE-2023-38545 and CVE-2023-38546 pose a threat, it is essential to note that the former affects both curl and libcurl, while the latter is specific to libcurl. Saeed Abbasi, a product manager at Qualys Threat Research Unit (TRU), highlighted that version-specific details remain undisclosed to prevent early identification of potential vulnerabilities. The vulnerabilities are set to be rectified in curl version 8.4.0.
Given the significance of this advisory, organizations are urged to conduct immediate assessments and scans of all systems utilizing curl and libcurl. The release of details following the Curl 8.4.0 update on October 11 will allow businesses to identify vulnerable versions more effectively.
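As an added example (not from the curl project or the advisory), the following POSIX shell script runs each curl executable on PATH, reads the tool and libcurl versions from the first line of `curl --version`, and flags any that are below the fixed release 8.4.0. The function names and the `scan` argument are assumptions of this example. A version below 8.4.0 only means the build predates the upstream fix: the affected range is not yet published, and distributions may backport patches without changing the version string.

```shell
#!/bin/sh
# Added example: flag curl/libcurl installs whose version predates 8.4.0.
FIXED="8.4.0"  # fixed release named in the advisory

# Print "TOOL_VERSION LIBCURL_VERSION" from the first line of `curl --version`.
parse_curl_banner() {
  printf '%s\n' "$1" | head -n 1 | awk '{
    tool = $2; lib = "unknown"
    for (i = 3; i <= NF; i++)
      if ($i ~ /^libcurl\//) { lib = $i; sub(/^libcurl\//, "", lib) }
    sub(/-.*/, "", tool); sub(/-.*/, "", lib)   # drop suffixes such as -DEV
    print tool, lib
  }'
}

# Succeed when dotted version $1 is numerically older than $2.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# Classify a banner as predates-fix, at-or-after-fix or unparsed.
# The tool and the library are checked separately because they can differ.
classify_banner() {
  vers=$(parse_curl_banner "$1")
  tool=${vers%% *}; lib=${vers##* }
  case "$tool$lib" in ""|*[!0-9.]*) echo unparsed; return 0 ;; esac
  if version_lt "$tool" "$FIXED" || version_lt "$lib" "$FIXED"; then
    echo predates-fix
  else
    echo at-or-after-fix
  fi
}

# Run every curl executable found on PATH and report its classification.
scan_path() {
  printf '%s\n' "$PATH" | tr ':' '\n' | while IFS= read -r dir; do
    [ -x "$dir/curl" ] || continue
    banner=$("$dir/curl" --version 2>/dev/null) || continue
    printf '%s\t%s\n' "$dir/curl" "$(classify_banner "$banner")"
  done
}

case "${1:-}" in scan) scan_path ;; esac   # usage: sh curl_inventory.sh scan
```

Copies of libcurl that are bundled inside applications or linked statically do not appear on PATH and need a separate file or package-manager search.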
To understand the potential tactics linked to these vulnerabilities, the MITRE ATT&CK framework points to various adversarial tactics and techniques that could be leveraged, including initial access, privilege escalation, and exploit delivery. The proactive steps taken by the Curl team to address these vulnerabilities underscore the importance of vigilance in cybersecurity practices.
As the cybersecurity landscape evolves, the responsibility falls on businesses to remain informed and prepared. Following updates from trusted sources can aid in mitigating the risks associated with these vulnerabilities, ultimately enhancing the overall security posture of their environments.