lwthiker / curl-impersonate

curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
MIT License

Patch CVE-2023-38545 #224

Closed lwthiker closed 6 months ago

lwthiker commented 6 months ago

CVE-2023-38545 is a high severity heap overflow affecting curl 7.69.0 to 8.3.0, including 8.1.1 which we use for curl-impersonate. Patches were released for older versions. Apply the patch for our version.

For more details, see https://curl.se/docs/CVE-2023-38545.html

Fixes #194

gamer191 commented 5 months ago

@yifeikong does this affect your fork of curl-impersonate (and curl_cffi)?

EDIT: also, whilst I obviously don't expect you to investigate this, do you happen to know whether this affects curl_cffi 0.5.10? If I'm understanding https://github.com/yifeikong/curl-impersonate/issues/54 correctly, 0.5.10 is the latest curl_cffi version that has accurate impersonation on Windows?