
Developers behind the open source library described one Curl vulnerability as one of the worst they've ever encountered.

The developers behind the Curl library are set to release a patch for two as-yet-undisclosed vulnerabilities that present a serious risk to the thousands of software applications that use the library every day.

Curl 8.4.0 will drop at 6:00 UTC on October 11, less than a month after the release of Curl 8.3.0, in a scramble to address the flaws before attackers can exploit them. 

The vulnerabilities are tracked as CVE-2023-38545 and CVE-2023-38546, with severity ratings of ‘high’ and ‘low’ respectively. 

Curl creator Daniel Stenberg stated that CVE-2023-38545 is “probably the worst curl security flaw in a long time”.