Linux cURL library

Problem Description

A critical vulnerability in cURL provides attackers with the ability to set up a host system that foists an overlong host name on clients when connecting to SOCKS5 proxies.

This results in a buffer overflow that allows remote code execution on the client system.

All cURL versions between 7.69.0 and including 8.3.0 are affected. cURL for Windows and cURL for Python are not affected. Fortunately, there is another limitation. The vulnerability can only be exploited if the SOCKS5 connection is via a proxy.

Additional Content

Please sign in to your mydSPACE account to view this content.

Tags

Date	2025-10-06
Information Type	Notifications
Information Category	Product Security, Troubleshooting

Stay up-to-date with our dSPACE direct newsletter service.

With our dSPACE newsletter service, we will keep you informed about current use cases and new solutions and products, as well as trainings and events. Sign up here for a free subscription.

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.