- CheckMates
- :
- Products
- :
- General Topics
- :
- CVE-2023-38545 & CVE-2023-38546
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CVE-2023-38545 & CVE-2023-38546
More information about CVE-2023-38545 & CVE-2023-38546 has been released.
https://curl.se/docs/CVE-2023-38545.html
Has anyone had any update from CKP about this vulnerability in CURL_CLI or other CKP components?
CCSME, CCTE, CCME, CCVS
1 Reply
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My unofficial take, just from reading, is that you'd probably need expert-level access to even exploit this...and leverage SOCKS5.
We don't leverage SOCKS5 at all for any of our automated uses of this tool.
That makes this vulnerability less of a concern and not something that requires an immediate patch.
Meanwhile, I assume we are investigating this issue formally and will provide an SK soon.