Hello,
We have been notified of a vulnerability in the Commvault Agents in tenable. Is there a date by which this vulnerability can be fixed with a patch?
CVE-2023-38545 - Curl 7.69 < 8.4.0 Heap Buffer Overflow
Path : /opt/commvault/Base64/libcurl.so Installed version : 8.0.1 Fixed version : 8.4.0
Regards
Thomas
Hi
You aren’t affected as per: https://access.redhat.com/security/cve/cve-2023-38545
We also don’t use SOCKS5.
I hope this helps.
Regards,
Chris
Hello
yes, this helped me out. Thanks.
Regards
Thomas
What about for the agent running on Ubuntu 22.04.3? Linux FS agent is version 11.32.28
What about windows environment?
Does the latest release (Dec 15 2023) 11.34.x address CVE-2023-38545? Another words did commvault update the version of the following:
PLUGIN OUTPUT - Path : /opt/commvault/Base64/libcurl.so
Installed version : 7.79.0
Fixed version : 8.4.0
A quick search on our documentation site for CVE-2023-38545 shows:
https://documentation.commvault.com/2024/expert/security_vulnerability_and_reporting.html
So it’ll be updated in an upcoming maintenance release for 11.34+
Regards,
Chris
Thank YOU!
Hi
Would you happen to know when we can expect the Maintenance Release which includes the upgraded cURL component?
Apparently, the cURL component was upgraded to 8.4.0 as part of 11.32.36, but seemingly wasn’t really advertised anywhere.
I told the Dev team about your request for a feedback button on the security advisory site. They will look into adding this feature. We think it’s a good idea. :) Hope this helps!
Thank you
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.