CVE-2023-38545
CRITICAL
libcurl 7.69.0 to 8.3.0 (fixed in 8.4.0) - Heap-Based Buffer Overflow in SOCKS5 Proxy Handshake
Title source: llm
Exploitation Summary
EIP tracks 10 public exploits for CVE-2023-38545. PoCs published by d0rb, UTsweetyfish, imfht.
AI-analyzed exploit summary
This repository contains a functional exploit for CVE-2023-38545, targeting the vulnerability in curl's SOCKS5 proxy client handling. The PoC crafts a malicious HTTP response with a reverse shell payload, which the repository presents as achieving remote code execution. Note that the flaw is in the curl client, not in the proxy server, and that the other public PoCs listed below stop at a crash (segmentation fault); treat the RCE claim as the repository's own.
Description
This flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake. When curl is asked to pass the host name along to the SOCKS5 proxy so that the proxy resolves the address instead of curl doing it itself (the socks5h:// proxy scheme), the maximum length that host name can have is 255 bytes. If the host name is detected to be longer, curl switches to local name resolution and instead passes on only the resolved address. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake and, contrary to the intention, copy the too-long host name into the target buffer instead of copying just the resolved address there. The target buffer is heap-based, and the host name comes from the URL that curl has been told to operate on, which an attacker can control through an HTTP redirect (a Location header) when curl follows redirects. The copy only corrupts memory when the host name is longer than the target buffer: in the curl tool that buffer is 16 KiB by default and shrinks when --limit-rate is set below that, which is why several of the PoCs below combine a SOCKS5 proxy with a rate limit.
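The following is an added example, not curl's own source: a small C model of the state-machine bug described above, with the pre-8.4.0 shape beside the 8.4.0 shape. The function names (socks5_step_vulnerable, socks5_step_fixed, run_handshake), the 256-byte buffer and the "slow handshake" flag are assumptions chosen for the demonstration; curl's real buffer is much larger and the real code memcpy's the name, whereas this model records that the copy would overflow instead of writing out of bounds.

```c
/*
 * Constructed model of the CVE-2023-38545 logic (added example, NOT curl's
 * code). The shape matches the bug: a local "let the proxy resolve the name"
 * decision was recomputed on every entry into the SOCKS5 state machine, so the
 * >255-byte fallback decided in the INIT state was forgotten when a slow
 * handshake forced the caller to return and re-enter later.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SOCKS5_MAX_REMOTE_NAME 255   /* one-byte length field in the protocol */

enum socks_state { SOCKS_INIT, SOCKS_REQ_INIT, SOCKS_DONE };
enum socks_rc    { SOCKS_DONE_OK = 0, SOCKS_AGAIN = 1, SOCKS_ERROR = -1 };

struct socks_ctx {
    enum socks_state state;
    bool remote_resolve;     /* socks5h://: ask the proxy to resolve the name */
    bool slow_handshake;     /* assumption: proxy greeting not yet readable on first call */
    unsigned char *buf;      /* heap buffer the CONNECT request is built in */
    size_t buflen;
    size_t need;             /* bytes the request would occupy */
    bool overflowed;         /* recorded instead of actually writing past buf */
};

/* Build the SOCKS5 CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT. */
static bool build_request(struct socks_ctx *c, const char *host, bool resolve_local)
{
    size_t len = strlen(host);
    c->need = resolve_local ? 4 + 4 + 2            /* ATYP=0x01, IPv4 address */
                            : 4 + 1 + len + 2;     /* ATYP=0x03, len byte, name */
    if(c->need > c->buflen) {
        c->overflowed = true;                      /* the real code copied here */
        return false;
    }
    memset(c->buf, 0, c->buflen);
    c->buf[0] = 0x05; c->buf[1] = 0x01; c->buf[2] = 0x00;
    if(resolve_local) {
        c->buf[3] = 0x01;                          /* resolved IPv4 would follow */
    } else {
        c->buf[3] = 0x03;
        c->buf[4] = (unsigned char)len;            /* silently truncates >255 */
        memcpy(&c->buf[5], host, len);
    }
    return true;
}

/* Pre-8.4.0 shape. */
static int socks5_step_vulnerable(struct socks_ctx *c, const char *host)
{
    bool resolve_local = !c->remote_resolve;       /* BUG: recomputed every entry */
    if(c->state == SOCKS_INIT) {
        if(!resolve_local && strlen(host) > SOCKS5_MAX_REMOTE_NAME)
            resolve_local = true;                  /* decision lives only in a local */
        c->state = SOCKS_REQ_INIT;
        if(c->slow_handshake) {
            c->slow_handshake = false;             /* greeting arrives before next call */
            return SOCKS_AGAIN;                    /* resolve_local is lost here */
        }
    }
    if(c->state == SOCKS_REQ_INIT) {
        if(!build_request(c, host, resolve_local))
            return SOCKS_ERROR;
        c->state = SOCKS_DONE;
    }
    return SOCKS_DONE_OK;
}

/* 8.4.0 shape: refuse over-long names outright (curl returns CURLPX_LONG_HOSTNAME). */
static int socks5_step_fixed(struct socks_ctx *c, const char *host)
{
    bool resolve_local = !c->remote_resolve;
    if(c->state == SOCKS_INIT) {
        if(!resolve_local && strlen(host) > SOCKS5_MAX_REMOTE_NAME)
            return SOCKS_ERROR;                    /* no strategy switch, no copy */
        c->state = SOCKS_REQ_INIT;
        if(c->slow_handshake) {
            c->slow_handshake = false;
            return SOCKS_AGAIN;
        }
    }
    if(c->state == SOCKS_REQ_INIT) {
        if(!build_request(c, host, resolve_local))
            return SOCKS_ERROR;
        c->state = SOCKS_DONE;
    }
    return SOCKS_DONE_OK;
}

/* Drive one step function to completion; true if the request was built in bounds. */
static bool run_handshake(int (*step)(struct socks_ctx *, const char *),
                          const char *host, bool remote_resolve, bool slow,
                          size_t buflen, bool *overflowed)
{
    struct socks_ctx c;
    memset(&c, 0, sizeof c);
    c.state = SOCKS_INIT; c.remote_resolve = remote_resolve;
    c.slow_handshake = slow; c.buflen = buflen; c.buf = malloc(buflen);
    if(!c.buf) return false;
    int rc;
    do { rc = step(&c, host); } while(rc == SOCKS_AGAIN);
    *overflowed = c.overflowed;
    free(c.buf);
    return rc == SOCKS_DONE_OK;
}

/* Constructed input: a host name of `len` 'a' characters, as a redirect could supply. */
static char *make_hostname(size_t len)
{
    char *h = malloc(len + 1);
    if(h) { memset(h, 'a', len); h[len] = '\0'; }
    return h;
}

int main(void)
{
    bool ov; char *h = make_hostname(300);
    printf("vulnerable, fast : ok=%d overflow=%d\n",
           run_handshake(socks5_step_vulnerable, h, true, false, 256, &ov), ov);
    printf("vulnerable, slow : ok=%d overflow=%d\n",
           run_handshake(socks5_step_vulnerable, h, true, true, 256, &ov), ov);
    printf("fixed,      slow : ok=%d overflow=%d\n",
           run_handshake(socks5_step_fixed, h, true, true, 256, &ov), ov);
    free(h);
    return 0;
}
```

The fast path never trips because the >255 fallback and the copy happen in the same call; only the re-entered (slow) path reaches build_request with the recomputed flag, which is why the PoCs below throttle the proxy or use --limit-rate. The fixed variant fails closed before any copy, and a hostname within the 255-byte limit still completes normally through the slow path.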
Exploits (10)
This repository contains a functional exploit for CVE-2023-38545, targeting the vulnerability in curl's SOCKS5 proxy client handling. The PoC crafts a malicious HTTP response with a reverse shell payload, which the repository presents as achieving remote code execution.
The repository contains a generic curl client and a Python script that reads from a file, but lacks any exploit-specific code or technical details about CVE-2023-38545. The README or additional context is missing, making it unclear how this relates to the vulnerability.
This repository contains a functional proof-of-concept exploit for CVE-2023-38545, the heap-based buffer overflow in curl, demonstrated against curl 7.74.0. The exploit sends a crafted request with an oversized input to trigger the vulnerability, using a Python script and a modified curl build.
This repository contains a functional PoC for CVE-2023-38545, a heap buffer overflow in libcurl's SOCKS5 proxy handling. The exploit triggers the vulnerability by sending a crafted 301 redirect with an excessively long hostname through a SOCKS5 proxy.
This repository contains a functional exploit for CVE-2023-38545, a heap-based buffer overflow in cURL. The exploit uses a malicious redirect server and a SOCKS5 proxy to trigger a segmentation fault in cURL when processing an overly long 'Location' header.
This repository contains a functional PoC for CVE-2023-38545, a heap buffer overflow vulnerability in curl versions 7.69.0 to 8.3.1. The exploit uses a SOCKS5 proxy and an HTTP server to trigger the vulnerability via crafted HTTP redirects with oversized payloads.
This repository contains a functional proof-of-concept exploit for CVE-2023-38545, a heap buffer overflow in the curl command-line tool when using SOCKS5 proxy with a rate limit. The PoC demonstrates the vulnerability by triggering a buffer overflow via a crafted HTTP response.
This repository provides a functional proof-of-concept for CVE-2023-38545, a buffer overflow vulnerability in curl versions 7.69.0 to 8.3.0. It uses Docker containers to simulate a malicious HTTP server, a SOCKS5 proxy, and a vulnerable curl client to trigger a segmentation fault via a crafted hostname.
This repository contains a functional exploit PoC for CVE-2023-38545, demonstrating a heap-based buffer overflow in cURL via a malicious SOCKS5 proxy. The exploit uses a crafted SOCKS5 proxy to trigger the vulnerability when cURL processes an overly long hostname.
This repository contains a functional PoC for CVE-2023-38545, a heap buffer overflow vulnerability in curl versions 7.69.0 to 8.3.1. The exploit uses a SOCKS5 proxy and an HTTP server to trigger the vulnerability via crafted HTTP redirects with oversized payloads.
References (21)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H