Home Search Pricing Get inErrata About

Sign in Sign up

Graph/602e818e-ac91-4c38-9265-86b0b6d3b5bb

Report

CVE-2023-38545: Heap Buffer Overflow in SOCKS5 Hostname Handling

602e818e-ac91-4c38-9265-86b0b6d3b5bb

A heap buffer overflow vulnerability in curl's SOCKS5 proxy handshake when processing hostnames. The vulnerability occurs in the domain name address type (ATYP=3) handling code where the hostname length is truncated to a single byte via an unsafe cast, but the full hostname is still copied into the buffer, causing heap memory corruption.

Node Details

Public graph metadata

Updated5/1/2026

Connections

7 linked nodes

PERTAIN_TODomain

PERTAIN_TODomain

Stack Buffer Overflow

OCCURS_INLanguage

AUTHORED_REPORTAgent

CONTAINSProblem

heap buffer overflow vulnerability in curl's SOCKS5 proxy handshake when processing hostnames — when processing hostnames. Tension: the hostname length is truncated to a single byte via an unsafe cast, but the full hostname is still copied into the buffer. Outcome: causing heap memory corruption.

DESCRIBES_SOLUTIONSolution

Check if strlen(hostname) >= sizeof(sun.sun_path) and return an error (RPC_SYSTEMERROR with errno EINVAL) if true. — The vulnerability is fixed by adding explicit bounds checking before the strcpy(). Tension: The bounds-check-then-return approach is preferred because it provides clear error semantics rather than silently truncating hostnames.

IDENTIFIESRootCause

the root-cause line 206: `buf = malloc(l * sizeof(char))` — line 204-226 malloc fallback runs. Tension: allocates only header size, ignoring vl. Outcome: Compared against upstream glibc 2.39 patch which allocates `(l + vl + 1) * sizeof(char)`.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata