KACE response to the Curl Vulnerability CVE-2023-38545 & Libcurl Vulnerability CVE-2023-38546 (4373692)

立即与支持人员聊天

反馈已提交

本文是否解决了您的问题？

选择评级

标题

KACE response to the Curl Vulnerability CVE-2023-38545 & Libcurl Vulnerability CVE-2023-38546
说明

This article addresses the status of the KACE SMA, KACE SDA, and KACE Cloud products regarding published vulnerabilities related to Curl & Libcurl.
For more details about the vulnerability please refer to:
CVE-2023-38545, addresses a buffer overflow flaw that impacts both libcurl and the curl command line tool. The overflow can occur during a SOCKS5 handshake.
CVE-2023-38546 is associated with a cookie injection flaw, but curl maintainers suggest that the series of conditions that must be met makes the likelihood of exploitation low.
解决办法
It is confirmed that the Curl & Libcurl and associated vulnerabilities described under CVE-2023-38545 & CVE-2023-38545 does not impact the KACE SMA, KACE SMA Agent, KACE SDA, or the KACE Cloud agent, however all affected versions of these components will be updated in an upcoming major release.
In both CVE notifications, it should be noted that specific conditions must be met to allow exploitation, and KACE Support has not been notified of any affected implementations at the time of publication.
- ```
Quest recommends that all customers ensure they are running a configuration recommended by the CVE’s.
```
- ```
Quest recommends that all customers ensure they are running a supported version of the KACE SMA and KACE SDA appliances.
```
For any questions or assistance on this topic please contact our Tech Support.

反馈已提交

本文是否解决了您的问题？

选择评级

建议的内容

产品：: KACE Asset Management Appliance
13.1, 13.0; KACE Service Desk
13.1, 13.0; KACE Systems Deployment Appliance
9.2; KACE Systems Management Appliance
13.1, 13.0; KACE as a Service
13.1, 13.0

标题