In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH.

While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw works and how it happened.

    • the_ocs@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      The argument for rust is memory safety, which allows you to avoid these very common, often serious, issues.

      It’s an argument that goes far beyond curl, and some random curl clone written in rust.

  • makeasnek
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    These things happen, best you can do is fix them when they do and accept responsibility. Cheers to the devs. Memory-safe languages are the future

  • macallik@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Hmmmm. Maybe this is why Debian pushed a curl update today even though it was also upgraded in 12.2 four days ago