New Blog | High severity curl vulnerability: prepare with Microsoft Defender for Cloud

On October 2nd, high severity vulnerabilities in curl were preannounced. The curl project has announced that curl8.4.0 will be released on October 11th, earlier than expected. While the vulnerabilities have yet to be disclosed, it is expected that two vulnerabilities will be released: high-severity CVE-2023-38545 and low-severity CVE-2023-38546.  

 

curl is a popular command-line tool and library (libcurl) used to transfer data across network protocols using URL syntax. The library is one of the most widely used open-source projects across most operating systems, including Windows and Linux, and is one of the most popular OSS packages present in clients, embedded systems, and cloud-native applications/containers.  

 

Explicit details on the vulnerabilities, such as vectors and impacted versions, have not been disclosed at this time. We will update this blog post once the details are available after October 11th with further guidance. However, we encourage customers to prepare ahead of time by understanding where and how in their environments they are using curl.  

 

 

Read the full blog here: High severity curl vulnerability: prepare with Microsoft Defender for Cloud - Microsoft Community Hub