This advisory is archived
Archived security advisories updated before March 15, 2024 have been migrated from our previous documentation site in their original format. For this reason, they may not conform to the updated look and feel of advisories published after March 15, 2024.
- Advisory ID: CV_2023_11_2
- Title: Heap Based Buffer Overflow Vulnerability in cURL
- Severity: CRITICAL
- Issued: 2023-11-07
- Updated: 2023-11-07
- CVSS Score Range: 9.0 - 10.0
- Additional Links:
Impacted Products
This vulnerability does not affect Commvault products.
Resolution
As a precautionary measure, we have upgraded the curl component in our product to version 8.4.0.
Download and install the following maintenance releases for your Platform Release on the affected client computers. For more information about installing maintenance releases, see Installing Commvault Software Updates on Demand.
Platform Release | Maintenance Release |
|---|---|
Platform Release 2024 (11.34) | 11.34.13 or higher |
Platform Release 2023E (11.32) | 11.32.35 or higher |
CVE Details
| Info | Description |
|---|---|
| This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. |