This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StackCap43382
Contributor
Contributor
‎2023-10-11 01:16 AM

CVE-2023-38545 & CVE-2023-38546

More information about CVE-2023-38545 & CVE-2023-38546 has been released. 

https://curl.se/docs/CVE-2023-38545.html

Has anyone had any update from CKP about this vulnerability in CURL_CLI or other CKP components?

 

CCSME, CCTE, CCME, CCVS
0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2023-10-11 07:53 AM

My unofficial take, just from reading, is that you'd probably need expert-level access to even exploit this...and leverage SOCKS5.
We don't leverage SOCKS5 at all for any of our automated uses of this tool.
That makes this vulnerability less of a concern and not something that requires an immediate patch.

Meanwhile, I assume we are investigating this issue formally and will provide an SK soon.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events