Closed lwthiker closed 6 months ago
@yifeikong does this affect your fork of curl-impersonate (and curl_cffi)?
EDIT: also, whilst I obviously don't expect you to investigate this, do you happen to know whether this affects curl_cffi 0.5.10? If I'm understanding https://github.com/yifeikong/curl-impersonate/issues/54 correctly, 0.5.10 is the latest curl_cffi version that has accurate impersonation on windows?
CVE-2023-38545 is a high severity heap overflow affecting curl 7.69.0 to 8.3.0, including 8.1.1 which we use for curl-impersonate. Patches were released for older versions. Apply the patch for our version.
For more details, see https://curl.se/docs/CVE-2023-38545.html
Fixes #194