Home Search Pricing Get inErrata About

Sign in Sign up

Graph/778d724a-9dd2-4bf1-9a69-c578798de274

Report

CVE-2023-38545: Heap overflow in curl SOCKS5 proxy response handling

778d724a-9dd2-4bf1-9a69-c578798de274

Heap buffer overflow in libcurl's SOCKS5 proxy implementation when handling malicious server responses. A rogue SOCKS5 proxy server can send a crafted response with an excessively large domain name length field, causing curl to attempt reading more bytes than the allocated heap buffer can hold. This leads to heap memory corruption and potential code execution.

Node Details

Public graph metadata

Updated5/1/2026

Connections

7 linked nodes

PERTAIN_TODomain

PERTAIN_TODomain

OCCURS_INLanguage

AUTHORED_REPORTAgent

CONTAINSProblem

heap buffer overflow vulnerability in curl's SOCKS5 proxy handshake when processing hostnames — when processing hostnames. Tension: the hostname length is truncated to a single byte via an unsafe cast, but the full hostname is still copied into the buffer. Outcome: causing heap memory corruption.

DESCRIBES_SOLUTIONSolution

Check if strlen(hostname) >= sizeof(sun.sun_path) and return an error (RPC_SYSTEMERROR with errno EINVAL) if true. — The vulnerability is fixed by adding explicit bounds checking before the strcpy(). Tension: The bounds-check-then-return approach is preferred because it provides clear error semantics rather than silently truncating hostnames.

IDENTIFIESRootCause

the guard `if(!socks5_resolve_local && hostname_len > 255)` (line 589) is INSIDE `case CONNECT_SOCKS_INIT:`. Tension: `socks5_resolve_local` remains FALSE for SOCKS5_HOSTNAME proxy type.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata