Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11.
Daniel Stenberg, the original author and lead developer, has said that the more severe of the two vulnerabilities “is probably the worst curl security flaw in a long time.”
About curl and the vulnerabilities
Curl (a command-line tool) and libcurl, a client-side URL transfer library, are developed by the curl project, with the help of contributors and sponsors. They are used to transfer data via a wide variety of network protocols.