Solved

CVE-2023-38545 - Curl 7.69 < 8.4.0 Heap Buffer Overflow

  • 17 November 2023
  • 7 replies
  • 1175 views

Userlevel 4
Badge +15

Hello,

We have been notified of a vulnerability in the Commvault Agents in Tenable. Is there a date by which this vulnerability can be fixed with a patch?

CVE-2023-38545 - Curl 7.69 < 8.4.0 Heap Buffer Overflow

Path : /opt/commvault/Base64/libcurl.so

Installed version : 8.0.1

Fixed version : 8.4.0

Regards

Thomas

Best answer by Chris Hollis 20 November 2023, 04:26

Userlevel 6
Badge +14

Hi @thomas.S 

You aren’t affected as per: https://access.redhat.com/security/cve/cve-2023-38545

We also don’t use SOCKS5.


I hope this helps.

Regards,

Chris

Userlevel 4
Badge +15

Hello @Chris Hollis

Yes, this helped me out. Thanks.

Regards

Thomas

Badge +1

What about for the agent running on Ubuntu 22.04.3? Linux FS agent is version 11.32.28

Userlevel 2
Badge +8

What about Windows environment?

Does the latest release (Dec 15 2023) 11.34.x address CVE-2023-38545? In other words, did Commvault update the version of the following:

 

PLUGIN OUTPUT - Path : /opt/commvault/Base64/libcurl.so 

Installed version : 7.79.0 

Fixed version : 8.4.0

Userlevel 6
Badge +14

@bc1410 

A quick search on our documentation site for CVE-2023-38545 shows: 

https://documentation.commvault.com/2024/expert/security_vulnerability_and_reporting.html

 


So it’ll be updated in an upcoming maintenance release for 11.34+


@KurtLO  same applies for 11.32

Regards,
Chris

 

Userlevel 2
Badge +8

Thank YOU!

Badge +3

Hi @Chris Hollis 

Would you happen to know when we can expect the Maintenance Release which includes the upgraded cURL component?

 
