blog.aquasec.com
Open in
urlscan Pro
2606:2c40::c73c:67e4
Public Scan
Submitted URL: https://info.aquasec.com/e3t/Ctc/WX*113/cbBhS04/VVqChn1pt0FsW1d5m0m4W-k09W7Wb0M154whxvN1vWRsg2-ZVTW7lCdLW6lZ3kYW19F0F-7Jk...
Effective URL: https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow?_hsmi=277949013&_hsenc=...
Submission: On October 11 via api from US — Scanned from DE
Effective URL: https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow?_hsmi=277949013&_hsenc=...
Submission: On October 11 via api from US — Scanned from DE
Form analysis 3 forms found in the DOM
GET https://blog.aquasec.com/hs-search-results
<form action="https://blog.aquasec.com/hs-search-results" method="GET">
<input type="text" class="navbar_search_input" name="term" autocomplete="off" placeholder="Enter a keyword to search the blog">
<input type="hidden" name="type" value="BLOG_POST">
<input type="hidden" name="length" value="SHORT">
<input type="submit" class="navbar_submit_button" value="Search">
</form>POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c
<form id="hsForm_bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/1665891/bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c"
class="hs-form-private hsForm_bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c hs-form-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c hs-form-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_38e93e6e-6671-4e19-aefe-a748a21b85e8 hs-form stacked"
target="target_iframe_bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" data-instance-id="38e93e6e-6671-4e19-aefe-a748a21b85e8" data-form-id="bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c" data-portal-id="1665891">
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field"><label id="label-firstname-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your First Name"
for="firstname-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>First Name</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="firstname-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" name="firstname" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="given-name" value=""></div>
</div>
<div class="hs_lastname hs-lastname hs-fieldtype-text field hs-form-field"><label id="label-lastname-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your Last Name"
for="lastname-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>Last Name</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="lastname-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" name="lastname" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="family-name" value=""></div>
</div>
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your Email"
for="email-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" name="email" required="" placeholder="" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_comment hs-comment hs-fieldtype-textarea field hs-form-field"><label id="label-comment-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your Comment"
for="comment-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>Comment</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><textarea id="comment-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="hs-input hs-fieldtype-textarea" name="comment" required="" placeholder=""></textarea></div>
</div>
<div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_source-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your UTM_Source"
for="utm_source-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>UTM_Source</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_source" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_campaign-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your UTM_Campaign"
for="utm_campaign-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>UTM_Campaign</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_campaign" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_medium-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your UTM_Medium"
for="utm_medium-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>UTM_Medium</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_medium" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_content-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your UTM_Content"
for="utm_content-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>UTM_Content</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_content" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_term hs-utm_term hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_term-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your UTM_Term"
for="utm_term-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>UTM_Term</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_term" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_gclid hs-gclid hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-gclid-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" class="" placeholder="Enter your GCLID"
for="gclid-bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166"><span>GCLID</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="gclid" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary" value="Submit Comment"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1697052116956","formDefinitionUpdatedAt":"1681717672680","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36","pageTitle":"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow","pageUrl":"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow?_hsmi=277949013&_hsenc=p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA","pageId":"139676270203","urlParams":{"_hsmi":"277949013","_hsenc":"p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA"},"isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow","contentType":"blog-post","hutk":"bbd8cdeb9caa67341b9925a6cb50b856","__hsfp":3335903367,"__hssc":"207889101.1.1697052118553","__hstc":"207889101.bbd8cdeb9caa67341b9925a6cb50b856.1697052118553.1697052118553.1697052118553.1","formTarget":"#hs_form_target_bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c","formInstanceId":"2166","pageName":"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow","locale":"en","timestamp":1697052118562,"originalEmbedContext":{"portalId":"1665891","formId":"bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c","region":"na1","target":"#hs_form_target_bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"2166","formsBaseUrl":"/_hcms/forms","css":"","submitButtonClass":"hs-button primary","isMobileResponsive":true,"pageName":"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow","pageId":"139676270203","contentType":"blog-post","isCMSModuleEmbed":true,"type":"BLOG_COMMENT"},"correlationId":"38e93e6e-6671-4e19-aefe-a748a21b85e8","renderedFieldsIds":["firstname","lastname","email","comment","utm_source","utm_campaign","utm_medium","utm_content","utm_term","gclid"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.3812","sourceName":"forms-embed","sourceVersion":"1.3812","sourceVersionMajor":"1","sourceVersionMinor":"3812","_debug_allPageIds":{"embedContextPageId":"139676270203","analyticsPageId":"139676270203","pageContextPageId":"139676270203"},"_debug_embedLogLines":[{"clientTimestamp":1697052117042,"level":"INFO","message":"Retrieved customer callbacks used on embed context: [\"getExtraMetaDataBeforeSubmit\"]"},{"clientTimestamp":1697052117043,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow\",\"pageUrl\":\"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow?_hsmi=277949013&_hsenc=p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36\",\"urlParams\":{\"_hsmi\":\"277949013\",\"_hsenc\":\"p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA\"},\"pageId\":\"139676270203\",\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1697052117044,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1697052118558,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"bbd8cdeb9caa67341b9925a6cb50b856\",\"canonicalUrl\":\"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow\",\"contentType\":\"blog-post\",\"pageId\":\"139676270203\"}"}]}"><iframe
name="target_iframe_bcc43e1c-30ef-4ea4-9582-44bff8d5ad4c_2166" style="display: none;"></iframe>
</form>POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a
<form id="hsForm_fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/1665891/fc3a461b-474b-4bd2-b409-c41d4ec09d8a"
class="hs-form-private hsForm_fc3a461b-474b-4bd2-b409-c41d4ec09d8a hs-form-fc3a461b-474b-4bd2-b409-c41d4ec09d8a hs-form-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_b0588e39-87f2-4343-9ecd-9288cf201d0b hs-form stacked"
target="target_iframe_fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" data-instance-id="b0588e39-87f2-4343-9ecd-9288cf201d0b" data-form-id="fc3a461b-474b-4bd2-b409-c41d4ec09d8a" data-portal-id="1665891">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" class="" placeholder="Enter your Email Address" for="email-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238"><span>Email
Address</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" name="email" required="" placeholder="" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_blog_default_hubspot_blog_subscription hs-blog_default_hubspot_blog_subscription hs-fieldtype-radio field hs-form-field" style="display: none;"><label
id="label-blog_default_hubspot_blog_subscription-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" class="" placeholder="Enter your Notification Frequency"
for="blog_default_hubspot_blog_subscription-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238"><span>Notification Frequency</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="blog_default_hubspot_blog_subscription" class="hs-input" type="hidden" value="instant"></div>
</div>
<div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_source-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" class="" placeholder="Enter your UTM_Source"
for="utm_source-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238"><span>UTM_Source</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_source" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_campaign-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" class="" placeholder="Enter your UTM_Campaign"
for="utm_campaign-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238"><span>UTM_Campaign</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_campaign" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_medium-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" class="" placeholder="Enter your UTM_Medium"
for="utm_medium-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238"><span>UTM_Medium</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_medium" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_content-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" class="" placeholder="Enter your UTM_Content"
for="utm_content-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238"><span>UTM_Content</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_content" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_term hs-utm_term hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_term-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" class="" placeholder="Enter your UTM_Term"
for="utm_term-fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238"><span>UTM_Term</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_term" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Subscribe"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1697052116962","formDefinitionUpdatedAt":"1669751364161","renderRawHtml":"true","isLegacyThemeAllowed":"true","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36","pageTitle":"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow","pageUrl":"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow?_hsmi=277949013&_hsenc=p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA","pageId":"139676270203","urlParams":{"_hsmi":"277949013","_hsenc":"p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA"},"isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow","contentType":"blog-post","hutk":"bbd8cdeb9caa67341b9925a6cb50b856","__hsfp":3335903367,"__hssc":"207889101.1.1697052118553","__hstc":"207889101.bbd8cdeb9caa67341b9925a6cb50b856.1697052118553.1697052118553.1697052118553.1","formTarget":"#hs_form_target_module_14538258496742317_4238","formInstanceId":"4238","pageName":"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow","locale":"en","timestamp":1697052118565,"originalEmbedContext":{"portalId":"1665891","formId":"fc3a461b-474b-4bd2-b409-c41d4ec09d8a","region":"na1","target":"#hs_form_target_module_14538258496742317_4238","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"4238","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"Thanks for Subscribing!","isMobileResponsive":true,"pageName":"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow","pageId":"139676270203","contentType":"blog-post","formData":{"cssClass":"hs-form stacked"},"isCMSModuleEmbed":true},"correlationId":"b0588e39-87f2-4343-9ecd-9288cf201d0b","renderedFieldsIds":["email","blog_default_hubspot_blog_subscription","utm_source","utm_campaign","utm_medium","utm_content","utm_term"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.3812","sourceName":"forms-embed","sourceVersion":"1.3812","sourceVersionMajor":"1","sourceVersionMinor":"3812","_debug_allPageIds":{"embedContextPageId":"139676270203","analyticsPageId":"139676270203","pageContextPageId":"139676270203"},"_debug_embedLogLines":[{"clientTimestamp":1697052117066,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow\",\"pageUrl\":\"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow?_hsmi=277949013&_hsenc=p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36\",\"urlParams\":{\"_hsmi\":\"277949013\",\"_hsenc\":\"p2ANqtz-_fBjvEeiPJxqWY6lIuTFUuozSkoCkSgecTrlPgqCQA3GDTm2_rt8T5tZmXt5dW1MPusi7j6UUrQRGiFm3bKUkzQKi4R8iRsBlE2ZisdfJ-n6rqlLA\"},\"pageId\":\"139676270203\",\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1697052117067,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1697052118563,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"bbd8cdeb9caa67341b9925a6cb50b856\",\"canonicalUrl\":\"https://blog.aquasec.com/new-vulnerability-in-curl-and-libcurl-could-lead-to-heap-buffer-overflow\",\"contentType\":\"blog-post\",\"pageId\":\"139676270203\"}"}]}"><iframe
name="target_iframe_fc3a461b-474b-4bd2-b409-c41d4ec09d8a_4238" style="display: none;"></iframe>
</form>Text Content
Aqua uses website cookies to give visitors a better service. To find out more
about the cookies we use, see our Privacy Policy
Accept Decline
Aqua Security
* Products
* Solutions
* Resources
* Company
Search Sign In Try Aqua
Aqua Blog
Yakir Kadkoda Assaf Morag
October 11, 2023
NEW VULNERABILITY IN CURL AND LIBCURL COULD LEAD TO HEAP BUFFER OVERFLOW
A new high severity vulnerability (CVE-2023-38545) was published today along
with a technical blog around the popular open source project, curl. This
vulnerability could potentially, under various conditions, cause a heap
overflow, which might lead to unexpected behavior, crashes, or potentially code
execution. Therefore, the developer community should pay extra attention to this
vulnerability and remediate any potential risks to their environments. In this
blog we explain the vulnerability, its implications, and how Aqua security can
help you detect it.
THE NEW HIGH SEVERITY VULNERABILITY IN CURL AND LIBCURL
In short, this newly discovered vulnerability in the immensely popular
open-source project curl may allow, under certain conditions, to cause a heap
buffer overflow in the client side. A heap buffer overflow means that data is
written outside the bounds of dynamically allocated memory (on the heap) due to
insufficient boundary checks. This in turn can lead to denial of service, data
corruption, arbitrary code execution, privilege escalation, bypass of security
controls. This vulnerability was present in curl for over three years before
being identified and fixed.
Affected versions:
* Affected versions: libcurl 7.69.0 to and including 8.3.0
* Not affected versions: libcurl < 7.69.0 and >= 8.4.0
* Introduced-in: https://github.com/curl/curl/commit/4a4b63daaa
Much like log4j, ‘libcurl’ is used by many applications, but not always
advertised as such.
A TECHNICAL DEEP DIVE TO THE VULNERABILITY
CVE-2023-38545 depends on using SOCKS5, which is a proxy protocol often used to
access the internet within organizations or in anonymized internet such as The
Onion Router (TOR).
When sending a curl request to SOCKS5 it will need to resolve the hostname and
“translate” it via DNS to an IP address. This DNS request could happen either
locally (on the requesting server) or on remote (the SOCKS5 server).
Figure 1: code snippets in curl which contain the 255 bytes inspection
If the hostname is detected to be longer than 255 bytes, curl switches to local
name resolving and instead passes on the resolved address only to the proxy. Due
to a bug, the local variable that means "let the host resolve the name" could
get the wrong value during a SOCKS5 handshake, and contrary to the intention,
copy the too long hostname to the target buffer instead of copying just the
resolved address there. This flaw makes curl overflow a heap based buffer in the
SOCKS5 proxy handshake.
A POSSIBLE EXPLOITATION OF THIS VULNERABILITY
As depicted in figure 2 below, if a threat actor has control over an HTTPS
server that receives a request from a curl client using the vulnerable ‘libcurl’
over a SOCKS5 proxy (using the proxy-resolver-mode) it can generate and return a
crafted redirect to the client via a HTTP 30x response.
Figure 2: CVE-2023-38545 possible exploitation flow
The “30x redirection” would then contain a Location, where the hostname is
longer than 16kB and up to 64kB. For example, lets us create a malicious server
using Perl (the code is taken from the HackerOne report):
Figure 3: a mock Perl code on the attacker’s controlled HTTPS server
So, if a victim is using the vulnerable ‘libcurl’ version, has the automatic
redirect-following enabled running the following curl command (‘socks-server’
refer to his SOCKS5 proxy IP address, and the ‘attacker-IP’ refer to the IP
address controlled by an attacker that appears in the snippet in figure 3
above):
Figure 4: an example to a curl request by a victim via SOCKS5 proxy
The crafted hostname will be copied into the buffer, which has a too small
buffer allocated, and into the adjacent heap memory. Subsequentially a heap
buffer overflow has occurred.
DEPENDENCIES FOR SUCCESSFUL EXPLOITATION:
* Sending a request to an HTTPS server controlled by an attacker. This is a
plausible scenario of an attacker having control over a server that the curl
client will send a request.
* Attacker redirects a response. The attacker's server should be able to send a
redirect response (HTTP 30x) to the curl client. This redirect would point to
a maliciously crafted long hostname.
* Automatic Redirect Following: The curl client should have the feature to
automatically follow redirects enabled. If it's off, the client won't follow
the malicious redirect, and the overflow won't occur.
* Crafted Hostname: The attacker needs to craft a hostname that's not only long
enough to cause the overflow but also contains specific byte values that
won't be rejected by curl or any Internationalized Domain Name (IDN) library
it might be using.
In summary, the vulnerability lies in how curl handles long hostnames when
connecting via a SOCKS5 proxy. For an attacker to exploit this, they need to
control a server, use it to send a malicious redirect to a curl client, and rely
on specific conditions in the client's configuration and the behavior of the
SOCKS5 proxy.
POSSIBLE IMPACT
We assume that in one scenario of exploitation of this vulnerability when the
resolution is made locally, it could lead to a privacy violation. A local DNS
query could possibly deanonymize a user who specifically requests SOCKS5.
In a second scenario, when the resolution is made remotely with a malformed
SOCKS packet. The threat actor has written to the heap and likely overwritten
in-use data that come after data->state.buffer.
It's undefined behavior at best and possible RCE at worst. The full list of
implications of Heap Overflow:
1. Data Corruption: Overflowing the buffer can corrupt data in adjacent memory
locations, leading to unpredictable program behavior.
2. Denial of Service: The program can crash if critical data structures are
corrupted due to the overflow.
3. Arbitrary Code Execution: A skilled attacker can exploit a heap overflow
vulnerability to run arbitrary code. By carefully crafting the overflow, an
attacker can overwrite function pointers or other critical data structures
on the heap, redirecting the program's execution flow to their malicious
code.
4. Privilege Escalation: If a vulnerable program runs with elevated privileges,
exploiting it can grant the attacker those same privileges, allowing them to
perform unauthorized actions on the system.
5. Bypassing Security Mechanisms: Modern operating systems implement various
security mechanisms, such as ASLR (Address Space Layout Randomization) and
DEP/NX (Data Execution Prevention/No Execute). However, certain heap
overflow techniques, combined with other exploits, can bypass these
protections.
DETECTION AND REMEDIATION WITH AQUA’S CNAPP
Utilizing Aqua’s cloud native application protection platform (CNAPP) you can
both detect this vulnerability and prioritize it across your running workloads
and further environments (VMs).
The platform takes a proactive approach by showing the Software Bill of
Materials (SBOM), detecting the relevant CVE, establishing network connectivity
and dependencies and prioritizing this vulnerability in comparison to other
vulnerabilities and the various environments, leading to prioritization of the
workload to remediate this vulnerability, ensuring that development teams can
focus on the most impactful remediation efforts.
Figure 5: detection of the vulnerability by the Aqua platform
Figure 6: scan result of a non-vulnerable version
Below are the actionable recommendations that can be taken to ensure your
impacted environments safety:
1. Upgrade curl to version 8.4.0, curl will no longer switch to local resolve
mode if the name is too long but is instead rightfully returning an error.
* Fixed version
* Patch collection for older versions
2. Apply the patch to your local version
3. If possible, avoid using CURLPROXY_SOCKS5_HOSTNAME proxies with curl and
disable ‘proxy-resolver-mode’
4. If possible, do not set a proxy environment variable to ‘socks5h://’
YAKIR KADKODA
Yakir is a Security Researcher at Aqua Nautilus, Aqua’s research team. He
focuses on finding and researching new vulnerabilities and attack vectors in
cloud native environments. Prior to Aqua, he worked as a red teamer. When he is
not at work, he enjoys baking and cooking and is particularly interested in the
science of cooking.
ASSAF MORAG
Assaf is a Lead Data Analyst at Aqua Nautilus research team, he focuses on
supporting the data needs of the team, obtaining threat intelligence and helping
Aqua and the industry stay at the forefront of new threats and methodologies for
protection. His work has been published in leading info security publications
and journals across the globe, and most recently he contributed to the new MITRE
ATT&CK Container Framework.
First Name
Last Name
Email*
Comment*
UTM_Source
UTM_Campaign
UTM_Medium
UTM_Content
UTM_Term
GCLID
SUBSCRIBE TO EMAIL UPDATES
Email Address*
Notification Frequency
UTM_Source
UTM_Campaign
UTM_Medium
UTM_Content
UTM_Term
POPULAR POSTS
* A Brief History of Containers: From the 1970s Till Now
* Top 20 Docker Security Best Practices: Ultimate Guide
* Kubernetes Secrets: How to Create, Use, and Secure Them
* Which Kubernetes Management Platform is Right for You?
* Threat Alert: Kinsing Malware Attacks Targeting Container Environments
FILTER BY TOPIC
* Container Security (111)
* Kubernetes Security (94)
* Security Threats (87)
* Cloud Native Security (82)
* Image Vulnerability Scanning (49)
* Aqua Open Source (47)
* AWS Security (36)
* Docker Security (35)
* Runtime Security (35)
* Vulnerability Management (34)
* CSPM (27)
* Software Supply Chain Security (27)
* Cloud compliance (24)
* Container Vulnerability (24)
* DevSecOps (24)
* Aqua Security (21)
* CI/CD (17)
* CNAPP (17)
* Secrets (12)
* Supply Chain Attacks (12)
* Application Security (11)
* Serverless-Security (11)
* ebpf (10)
* Host Security (9)
* Kubernetes (9)
* Advanced malware protection (8)
* Cloud security conferences (8)
* Fargate (8)
* Malware Attacks (8)
* Cloud Workload Protection Platform CWPP (7)
* Hybrid Cloud Security (7)
* Attack Vector (6)
* Container platforms (6)
* Google cloud security (6)
* OpenShift (6)
* SBOMs (6)
* Secure VM (6)
* Security Policy (6)
* Infrastructure-as-Code (IaC) (5)
* Security Automation (5)
* Windows Containers (5)
* Azure security (4)
* Cloud security (4)
* Docker containers (4)
* Kubernetes RBAC (4)
* Service Mesh (4)
* Container Deployment (3)
* IBM Cloud (3)
* Microservices (3)
* Nano-Segmentation (3)
* Agentless Security (2)
* FaaS (2)
* Network Firewall (2)
* VMware Tanzu (2)
* code security (2)
* Advanced Threat Mitigation (1)
* Cloud VM (1)
* Drift Prevention (1)
* Kubernetes Authorization (1)
* Network (1)
* shift Left security (1)
Show more...
Aqua Container Security
Aqua Security is the largest pure-play cloud native security company, providing
customers the freedom to innovate and accelerate their digital transformations.
The Aqua Platform is the leading Cloud Native Application Protection Platform
(CNAPP) and provides prevention, detection, and response automation across the
entire application lifecycle to secure the supply chain, secure cloud
infrastructure and secure running workloads wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services,
software, media, manufacturing and retail, with implementations across a broad
range of cloud providers and modern technology stacks spanning containers,
serverless functions and cloud VMs.
Copyright © 2023 Aqua Security Software Ltd.
Use Cases
* Automate DevSecOps
* Modernize Security
* Compliance and Auditing
* Serverless Containers & Functions
* Hybrid and Multi Cloud
Environments
* Kubernetes Security
* OpenShift Security
* Docker Security
* AWS Cloud Security
* Azure Cloud Security
* Google Cloud Security
* VMware PKS Security
Contact Us
* Contact Us
* Contact Support
Products
* Aqua Cloud native security
* Open Source Container Security
* Platform Integrations
Resources
* Live Webinars
* O’Reilly Book: Kubernetes Security
* Cloud native Wiki
About Us
* About Aqua
* Newsroom
* Careers