Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cURL library high severity vulnerability (CVE-2023-38545) #50

Closed
xomx opened this issue Oct 21, 2023 · 3 comments
Closed

cURL library high severity vulnerability (CVE-2023-38545) #50

xomx opened this issue Oct 21, 2023 · 3 comments
Assignees
@donho

Comments

@xomx
Copy link

xomx commented Oct 21, 2023
edited

https://snyk.io/blog/curl-high-severity-vulnerability-oct-2023/
https://curl.se/docs/CVE-2023-38545.html

Fixable by curl-8.4.0
@pryrt
Copy link

pryrt commented Nov 15, 2023

@donho,

Users are starting to ask about this.
https://community.notepad-plus-plus.org/topic/25136/libcurl-cve-2023-38545-in-updater

@blundsteatcisco
Copy link

The CVE is critical and on our servers with external exposure, we can't downgrade it, which means it's getting management eyeballs over here.

@pryrt
Copy link

pryrt commented Nov 15, 2023
edited

Since it's just a copy of libcurl.dll in the installed Notepad++\updater\ directory, could you just try getting a newer libcurl.dll from somewhere else and overwriting the one in the updater directory? That might at least be a short-term workaround. (I cannot guarantee it will work, but it would be worth trying, if you know another source for the DLL.)

@donho donho self-assigned this Nov 15, 2023
@donho donho closed this as completed in 2dfffa9 Nov 16, 2023
@pryrt pryrt mentioned this issue Nov 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@donho donho

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@donho @xomx @pryrt @blundsteatcisco