toast Apparently, it's the worst there has been in a long time... Dropping Wednesday. Gonna be fun! I'll post an update once we know what it is.
Hélène desultory He’s been complaining about bogus CVEs, and he’s not the only one suffering from those either, as far as I know…
lucihaj It's released: Release blog post; CVE-2023-38545: SOCKS5 heap buffer overflow; How I made a heap overflow in curl
toast Ok yeah, even if it was super serious (I didn't bother looking), it obv only affects you if you use SOCKS5, which is not that many people.
Hélène mycelium if you’re using curl over Tor, I think you have a different problem, especially if you don’t have modern security compilation flags on anything, including your libc, that would prevent exploitation of this