curl SOCKS5 heap overflow vulnerability

Client URL, or curl, and its library version libcurl are one of the most popular and integrated command line tools for data transfer. They support a wide range of protocols such as HTTP, HTTPS, SMTP and FTP and enable the user to make requests to a URL while handling all standard components of requests such as cookies, authentication and proxies.

On October 11, a high-severity heap-based buffer overflow vulnerability was publicly disclosed in curl versions 7.69.0 to, and including, 8.3.0. For an attacker to leverage this vulnerability, they would need to control the hostname being accessed by curl through a SOCKS5 proxy, and the server would need to respond “slowly.” Typical server latency is likely “slow” enough to trigger this vulnerability without needing a DoS attack or SOCKS server control.

Read more…
Source: Sonicwall