(CVE-2023-38545 & CVE-2023-3854) - CURL Zero-day Exploit Vulnerability

Overview

Two vulnerabilities have been reported in cURL, CVE-2023-38545 and CVE-2023-38546. CURL is widely used open-source software for data transfer via URLs. Details are expected to be released on Wednesday, October 11, 2023. Preliminary information from one of the Curl's core maintainers can be found here.

We are actively monitoring the situation and as soon as information is available, we will be analyzing what exposure CodeSonar and CodeSentry have, if any. We will continue to update this page with our plans for CodeSonar and CodeSentry, so please bookmark this article and check back for updates.

In the meantime CodeSentry SCA can help find the usage of Curl in your software and create a Software Bill of Materials (SBOM) which is essential for monitoring software components and their respective versions. Please liaise with your sales representative or email sales@codesecure.com if you are interested in a demo.

CodeSonar

We recommend all our customers read and understand the CWEs, and check their networks for SOCKs5 proxies. Our initial analysis shows that CodeSonar is not vulnerable to these exploits. Consequently, we will not be issuing patches for fielded versions of CodeSonar. We strive to offer a platform that is a secure as possible, so we will update to the most recent version of the CURL libraries in our upcoming release. We will update this article with the release date as soon as possible, to assist you with planning.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

White Papers
Read our white papers to find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber-attacks.
Product Sheets
Read our datasheets and company briefs to gain quick insights into our solutions, products, and integrations, including their capabilities, benefits, and supported environments.
TalkSecure
Topics relating to DevSecOps, application security testing (AST), binary analysis, product security, software assurance and others.
X