Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows cURL Implementation

CVE-2024-6197: Hackerone: CVE-2024-6197 Freeing stack buffer in utf8asn1str

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

Microsoft Security Response Center
#rce#Windows cURL Implementation#Security Vulnerability
CVE-2023-38545: MITRE: CVE-2023-38545 SOCKS5 heap buffer overflow

**1\. When will an update be available to address this vulnerability?** Microsoft is fully aware of this issue and is actively working to release version 8.4.0 of curl.exe in a future Windows update for currently supported, on-premise versions of Windows clients and servers. The Security Updates table for this CVE will be updated with the Windows update KB numbers for all supported versions as they are released. Customers will be notified via a revision to this security vulnerability when those KB numbers are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. **2\. What is the curl open-source project?** Curl is a computer software project providing a library (libcurl) and command-line tool (...

CVE-2023-38039: Hackerone: CVE-2023-38039 HTTP headers eat all memory

**1\. When will an update be available to address this vulnerability?** Microsoft is fully aware of this issue and is actively working to release version 8.4.0 of curl.exe in a future Windows update for currently supported, on-premise versions of Windows clients and servers. The Security Updates table for this CVE will be updated with the Windows update KB numbers for all supported versions as they are released. Customers will be notified via a revision to this security vulnerability when those KB numbers are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. **2\. What is the curl open-source project?** Curl is a computer software project providing a library (libcurl) and command-line tool (...