As you may have heard in the media, the Dutch National Cyber Security Centre (NCSC) has issued a warning about a vulnerability in the cURL tool, which could potentially cause damage.
cURL is a utility for transferring data using various network protocols. The program is the world's most popular and widely used HTTP client library, with over ten billion installations.
The vulnerability is in libcurl's SOCKS5 proxy handshake.
An attacker could potentially exploit the vulnerability to crash the application that uses libcurl.
Several conditions must all be met before this vulnerability can be exploited: the use of a SOCKS5 proxy, the use of an extremely long hostname (more than 255 bytes), and the presence of a rogue server.
For more information, see the NCSC security advisory (Beveiligingsadvies | Actueel | Nationaal Cyber Security Centrum, ncsc.nl) and the curl project's advisory "curl – SOCKS5 heap buffer overflow – CVE-2023-38545".
ScreenCheck took immediate action and checked all systems managed by ScreenCheck, such as the SaaS CardsOnline and Service Portal web servers, for the presence of libcurl.
The outcome of this check is that libcurl is installed by default on all servers managed by ScreenCheck.
The cURL tool is required for the correct operation of CardsOnline and/or Service Portal and is therefore installed by default.
However, ScreenCheck does NOT use a SOCKS5 proxy, so the vulnerability described above cannot be triggered on servers managed by us.
We therefore confirm that the above-mentioned vulnerability does NOT pose a risk of attack on the servers managed by ScreenCheck.
Even though this vulnerability does not pose a direct risk, ScreenCheck will still plan an update of libcurl to the latest version on all CardsOnline and Service Portal servers managed by ScreenCheck.
For CardsOnline servers that run on-premises, and are therefore managed by the customer's own organization, our advice is to have the cURL tool updated by the IT department.
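For an IT department that wants to verify the two conditions this notice relies on (the installed curl version and whether a SOCKS5 proxy is configured), the following is an added example script, not ScreenCheck's own tooling. It assumes the affected range 7.69.0 through 8.3.0 (fixed in 8.4.0) from the curl project's advisory, which this page does not state, and reads proxy settings only from the environment and the common curlrc locations.

```shell
#!/bin/sh
# Added example (not ScreenCheck's tooling) for checking a host against
# CVE-2023-38545: is the installed curl in the affected version range, and
# is a SOCKS5 proxy configured at all? Affected range 7.69.0-8.3.0 (fixed in
# 8.4.0) is taken from curl's advisory; this is an assumption not on the page.

# Turn "MAJOR.MINOR.PATCH" into one integer so versions compare numerically.
version_key() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1*1000000 + $2*1000 + $3 }'
}

# Exit 0 (true) when the given curl version lies within 7.69.0 .. 8.3.0.
curl_version_affected() {
    v=$(version_key "$1")
    [ "$v" -ge "$(version_key 7.69.0)" ] && [ "$v" -le "$(version_key 8.3.0)" ]
}

# Exit 0 (true) when the given text (proxy environment variables and/or
# curlrc contents) selects a SOCKS5 scheme. curl honours socks5:// and
# socks5h:// in ALL_PROXY/all_proxy and in a "proxy = ..." curlrc line.
uses_socks5_proxy() {
    printf '%s\n' "$1" | grep -Eiq 'socks5h?://'
}

# Stand-alone host check: version from "curl --version" (first line, second
# field) plus proxy settings from the environment and curlrc files.
check_host() {
    ver=$(curl --version 2>/dev/null | awk 'NR==1 { print $2 }')
    [ -n "$ver" ] || { echo "curl not found"; return 2; }
    cfg="$(env | grep -i proxy; cat "$HOME/.curlrc" /etc/curlrc 2>/dev/null)"
    if curl_version_affected "$ver"; then
        echo "curl $ver is in the affected range: update to 8.4.0 or later"
    else
        echo "curl $ver is outside the affected range"
    fi
    if uses_socks5_proxy "$cfg"; then
        echo "SOCKS5 proxy configured: the vulnerable code path is reachable"
    else
        echo "no SOCKS5 proxy configured: vulnerable handshake is not used"
    fi
}

# Run the host check when executed directly (sourcing it only defines functions).
[ "${0##*/}" = "sh" ] || [ "${0##*/}" = "bash" ] || check_host
```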
If you have any further questions about this message, please contact the ScreenCheck support desk via email firstname.lastname@example.org.