Buffer overflow in curl and libcurl, exposed when connecting through a SOCKS5 proxy

A vulnerability (CVE-2023-38545) has been identified in the curl command-line utility for transferring data over the network and in the libcurl library that is developed alongside it. It can cause a buffer overflow and, potentially, execution of attacker-supplied code on the client side when the curl utility, or an application using libcurl, accesses an HTTPS server controlled by the attacker. The problem appears only when access through a SOCKS5 proxy is enabled in curl; with a direct connection, without a proxy, the vulnerability does not manifest. The vulnerability is fixed in the curl 8.4.0 release. The security researcher who found the bug received a $4660 bounty under HackerOne's Internet Bug Bounty program.

The vulnerability is caused by a bug in the code that decides how the host name is resolved before connecting through a SOCKS5 proxy. If the host name is up to 255 characters long, curl passes the name as-is to the SOCKS5 proxy so that the proxy resolves it; if the name is longer than 255 characters, curl falls back to the local resolver and passes the already resolved address to the SOCKS5 proxy. Because of a bug in the code, the flag indicating that local resolution is required could end up with the wrong value during a slow negotiation of the SOCKS5 connection (the handshake state machine re-derives it when it is re-entered after waiting for the proxy), which led to the long host name being copied into a buffer sized with the expectation that it would hold only an IP address or a name no longer than 255 characters.

The owner of a site that curl accesses through a SOCKS5 proxy can trigger the client-side overflow by returning a redirect (HTTP 30x) whose "Location:" header points to a URL with a host name between 16 KB and about 64 KB long (16 KB is the minimum size needed to overflow the default buffer, and about 64 KB is the maximum host name length allowed in a URL). If following redirects is enabled in the libcurl settings (CURLOPT_FOLLOWLOCATION, or -L in the curl tool) and the SOCKS5 proxy in use is slow enough, the long host name is written into a buffer that is clearly too small for it.

The vulnerability mainly affects applications built on libcurl; in the curl command-line utility it manifests only when the "--limit-rate" option is used with a value below 65541. libcurl allocates a 16 KB buffer by default, whereas the curl utility uses a 100 KB buffer, but the utility adjusts that size according to the value of the "--limit-rate" parameter.
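The handshake mistake and the buffer sizes described in the three paragraphs above, as an added illustration that is not curl's own code: a simplified C model of the SOCKS5 CONNECT state machine. The vulnerable variant reproduces the flaw as described (the "resolve locally" decision is a local variable re-derived from the proxy type every time the state machine is entered, so the override for names longer than 255 bytes is lost when a slow proxy forces the function to return and be re-entered), and the fixed variant models the stricter behaviour of the correction (the decision is stored on the connection, and a name too long to be resolved remotely is rejected outright). All names here (model_conn, socks5_step, run_scenario) and the 'a'-filled host names are invented for the example; the buffer sizes are the ones the article gives. The model only computes how many bytes the request would occupy and reports an overflow instead of performing one.

```c
/* Added example, not code from curl: a simplified model of the SOCKS5
 * CONNECT state machine with the flag mistake described in the article
 * and a stricter, fixed variant. All names are invented for the example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_BUFSIZE 16384   /* libcurl's default buffer (CURLOPT_BUFFERSIZE) */
#define SOCKS5_HEADER   4       /* VER CMD RSV ATYP */
#define SOCKS5_PORT     2
#define SOCKS5_MAX_NAME 255     /* SOCKS5 carries the name length in one byte */

enum model_state { ST_INIT, ST_WAIT_PROXY, ST_CONNECT_REQ, ST_DONE, ST_FAILED };

struct model_conn {
    bool remote_resolve;        /* socks5h://: the proxy resolves the name */
    bool proxy_replied;         /* has the proxy answered the greeting yet? */
    enum model_state state;
    bool resolve_local_saved;   /* the fixed variant keeps the decision here */
};

struct model_result {
    int rc;              /* 0 request built, 1 waiting for the proxy, -1 error */
    size_t want;         /* bytes the CONNECT request needs */
    bool overflow;       /* want > bufsize: the copy would run past the buffer */
    bool len_truncated;  /* name length does not fit the one-byte length field */
};

/* One entry of the state machine; `fixed` selects the corrected logic. */
static struct model_result
socks5_step(struct model_conn *c, const char *host, size_t bufsize, bool fixed)
{
    struct model_result r = {1, 0, false, false};
    size_t hlen = strlen(host);
    /* Vulnerable pattern: a local recomputed on every entry from the proxy
     * type alone, so an override made in ST_INIT does not survive a return. */
    bool resolve_local = fixed ? c->resolve_local_saved : !c->remote_resolve;

    switch (c->state) {
    case ST_INIT:
        if (!fixed) {
            if (!resolve_local && hlen > SOCKS5_MAX_NAME)
                resolve_local = true;          /* lives only in this call */
        } else {
            c->resolve_local_saved = !c->remote_resolve;
            resolve_local = c->resolve_local_saved;
            if (!resolve_local && hlen > SOCKS5_MAX_NAME) {
                c->state = ST_FAILED;          /* too long to resolve remotely */
                r.rc = -1;
                return r;
            }
        }
        c->state = ST_WAIT_PROXY;
        /* fall through */
    case ST_WAIT_PROXY:
        if (!c->proxy_replied)
            return r;                          /* slow proxy: come back later */
        c->state = ST_CONNECT_REQ;
        /* fall through */
    case ST_CONNECT_REQ:
        if (resolve_local) {
            r.want = SOCKS5_HEADER + 4 + SOCKS5_PORT;         /* ATYP = IPv4 */
        } else {
            r.want = SOCKS5_HEADER + 1 + hlen + SOCKS5_PORT;  /* ATYP = DOMAIN */
            r.len_truncated = hlen > SOCKS5_MAX_NAME;         /* (char)hlen wraps */
        }
        r.overflow = r.want > bufsize;
        r.rc = 0;
        c->state = ST_DONE;
        return r;
    default:
        r.rc = -1;
        return r;
    }
}

/* Drive the state machine to completion for a constructed host name of
 * `hlen` 'a' characters; `slow` makes the proxy answer only after the
 * first pass, which is the re-entry the bug depends on. */
struct model_result run_scenario(bool fixed, bool remote, bool slow,
                                 size_t hlen, size_t bufsize)
{
    struct model_conn c = { remote, !slow, ST_INIT, false };
    struct model_result r;
    char *host = malloc(hlen + 1);
    memset(host, 'a', hlen);
    host[hlen] = '\0';

    r = socks5_step(&c, host, bufsize, fixed);
    if (r.rc == 1) {                 /* proxy answered after the first pass */
        c.proxy_replied = true;
        r = socks5_step(&c, host, bufsize, fixed);
    }
    free(host);
    return r;
}

int main(void)
{
    struct model_result r = run_scenario(false, true, true, 20000, DEFAULT_BUFSIZE);
    printf("vulnerable, socks5h, slow proxy, 20000-byte name: want=%zu overflow=%d\n",
           r.want, r.overflow);
    r = run_scenario(false, true, true, 20000, 100 * 1024);
    printf("same with the curl tool's 100 KB buffer: want=%zu overflow=%d\n",
           r.want, r.overflow);
    r = run_scenario(true, true, true, 20000, DEFAULT_BUFSIZE);
    printf("fixed, socks5h, slow proxy, 20000-byte name: rc=%d\n", r.rc);
    return 0;
}
```

With a fast proxy the 300-byte name falls back to local resolution and the request is a 10-byte IPv4 one; with a slow proxy the vulnerable path instead builds a request of 7 bytes plus the whole name, so 20000 bytes exceed libcurl's 16 KB default buffer but not the curl tool's 100 KB buffer, which is why the tool is affected only once --limit-rate has shrunk that buffer. The one-byte length field also silently wraps for any name over 255 bytes, which is why the fixed variant refuses such names for remote resolution rather than quietly switching strategy.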

Daniel Stenberg, the project's author, noted that the vulnerability went undetected for 1315 days. He also notes that 41% of the vulnerabilities previously identified in curl could have been avoided had curl been written in a memory-safe language, but there are no plans to rewrite curl in another language in the future. To improve the security of the code base, he intends to expand the code-testing tooling and to make wider use of dependencies written in memory-safe programming languages. He is also considering gradually replacing parts of curl with versions written in safe languages, such as the experimental Hyper HTTP backend implemented in Rust.

Source: opennet.ru