Skip to content

dbrugman/CVE-2023-38545-POC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 

Repository files navigation

CVE-2023-38545 POC for the curl command line tool

This POC is based on the earlier POC created by UTsweetyfish, shared in this repository: https://github.com/UTsweetyfish/CVE-2023-38545. Contrary to that POC, this one is for the commandline tool and not the libcurl library, and doesn't require Python and no compilation

This POC is for the curl SOCKS5 heap buffer overflow, and shows how to overflow the receive buffer in the curl command line tool. By default, curl initializes the receive buffer with a size of 100k, which makes it unsusceptible to CVE-2023-38545. But the size of this buffer can be reduced by setting a rate limit (--limit-rate).

To run the POC, first set up a local SOCKS5 proxy using SSH (this requires a locally running SSH server):

ssh -fND 10801 localhost

Next, run the poc.sh scriptt (this requires Netcat (nc) to be installed):

./poc.sh

It might require several attempts to trigger the buffer overflow. If the overflow is triggered, the script will exit with an error code, and an error message indicating that the execution has been aborted. When the overflow failed, and curl was not impacted, then a message is shown indicating that a host with the name "AAAA...." could not be resolved.

Links:

About

CVE-2023-38545 POC for the curl command line tool

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages