High Severity for Curl and Libcurl CVE-2023-38545 has been brought to our attention.
Tomorrow news will come out about a high severity vulnerability for cURL and libcurl. The advice is to conduct an analysis of where this vulnerability occurs.
This has not been posted yet at cve-status.dynatrace.com
Dynatrace CVE status (Common Vulnerabilities and Exposures) - Dynatrace Community
I have opened a Support ticket, as indicated on this page.
I have been following this and it seems that it is going to be at least a local execution exploit. You would probably have to be accessing a nasty site, so you then get exploited locally. Let's see exactly what it is.
In the meantime, it's important to know if you have curl executing somewhere in your stack. Some of the curl executions might make it to the respective PG as below, but given that it normally executes for only a slight period of time, it might not be automatically detected by Dynatrace.
Thanks for the added info @AntonioSousa.
Curl can be found on all Linux boxes where also OneAgents, ActiveGates and Managed Cluster nodes are installed, and is regularly utilized as a tool in the life of an admin. And of course the Dynatrace admins are very trustworthy people, and will never use dodgy sites. But somehow the Security people are hard to convince 🙂 So I expect that they are persistent in having the packages updated. I do not think that curl itself is a package that is part of Dynatrace and installed as such, in which case it will be a Linux admin matter.
I have checked if OneAgent & ActiveGate in some form use libcurl, but it doesn't seem to be the case. But eventually, some users might have scripts using curl (I have) that access Dynatrace (and other) API endpoints. I don't expect that to be a risk issue when we know about the vulnerability tomorrow, so let's wait 😉
IMHO, one more risk exaggeration, this time from the curl maintainer. From what I read of the vulnerability:
If you have like a public page that uses underlying curl, have changed the CURLOPT_BUFFERSIZE, have a SOCKS5 proxy (do you????), and it is slow, you might have a problem though!
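
One way to act on the advice above to find out whether curl is executing somewhere in your stack, as an added example that is not part of the thread and is not Dynatrace tooling: the script lists curl binaries and libcurl libraries on disk, plus the running processes that currently have libcurl mapped, which also covers long-running programs that link libcurl without ever launching the `curl` binary. The search directories and the `--report` switch are assumptions of this example.

```shell
#!/bin/sh
# Inventory curl/libcurl on a Linux host (added example; search paths are assumptions).

# List curl binaries and libcurl shared objects under the given directories.
find_curl_files() {
    find "$@" \( -type f -o -type l \) \
        \( -name 'curl' -o -name 'libcurl*.so*' \) 2>/dev/null | sort
}

# Print "PID COMM" for every process whose memory map includes libcurl.
# $1 = proc root (default /proc), so it can also be pointed at a collected copy.
procs_mapping_libcurl() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if grep -q 'libcurl[^/]*\.so' "$dir/maps" 2>/dev/null; then
            pid="${dir##*/}"
            comm="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
)

# Human-readable report: on-disk files (with the version line for each
# executable curl binary) followed by processes that have libcurl loaded.
report() {
    echo "== curl binaries and libcurl libraries on disk =="
    find_curl_files /usr /opt /bin /lib /lib64 | while read -r f; do
        if [ "${f##*/}" = curl ] && [ -x "$f" ]; then
            printf '%s\t%s\n' "$f" "$("$f" --version 2>/dev/null | head -n 1)"
        else
            printf '%s\n' "$f"
        fi
    done
    echo "== running processes with libcurl loaded =="
    procs_mapping_libcurl /proc
}

# Only produce the report when asked to, so the functions can be sourced.
if [ "${1:-}" = "--report" ]; then report; fi
```

Run it as root with `--report` so that the `maps` files of other users' processes are readable; compare the reported versions against the affected range once the advisory is published.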