One of the most important software tools on the planet, CURL, is in danger of a terrible exploit. According to the lead developer, Daniel Stenberg, this is “probably the worst curl security flaw in a long time.”
Luckily, there is a patch that should be available tomorrow to get everything all squared away. CURL 8.4.0 will deal with CVE-2023-38545 and CVE-2023-38546 with the former being labeled as a high-severity CVE.
For those not in the know, CURL is a tool essential to how the internet works. The project team states that the service is used in command lines and scripts to transfer data and is found in a range of connected devices. They claim that it is “the internet transfer engine for thousands of software applications in over twenty billion installations” and “curl is used daily by virtually every internet-using human on the globe”, just to give an idea of how big a deal this is.
