Vulnerabilities impacting the widely used open source curl tool, which supports various network protocols, will be addressed in an update to be issued on Wednesday, reports The Record, a news site by cybersecurity firm Recorded Future.
The fixes cover a high-severity bug, tracked as CVE-2023-38545, that impacts both curl and the tool's libcurl library and that a maintainer has noted to be the most severe vulnerability impacting the tool in a long time, as well as a low-severity issue, tracked as CVE-2023-38546, that affects libcurl alone.
"I cannot disclose any information about which version range that is affected, as that would help identify the problem (area) with a very high accuracy so I cannot do that ahead of time. The 'last several years' of versions is as specific as I can get," said the maintainer.
Such an advance warning by curl's maintainers should be leveraged by organizations to examine their environments for vulnerabilities and put in place necessary patch management plans, said Tanium Director of Endpoint Security Research Melissa Bischoping.