Developers behind the open-source library described one Curl vulnerability as one of the worst they've ever encountered.
The developers behind the Curl library are set to release a patch for two as-yet-undisclosed vulnerabilities that present a serious risk to the thousands of software applications that use the library every day.
Curl 8.4.0 will drop at 6:00 UTC on October 11, less than a month after the release of Curl 8.3.0, in a scramble to address the flaws before attackers can exploit them.
The vulnerabilities are tracked as CVE-2023-38545 and CVE-2023-38546, with severity ratings of ‘high’ and ‘low’, respectively.
Curl creator Daniel Stenberg stated that CVE-2023-38545 is “probably the worst curl security flaw in a long time”.