CVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
Description
The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546), disclosed on October 11, 2023, as they relate to our products.
At this time, there are no demonstrated scenarios that enable successful exploitation of these vulnerabilities in our products.
Product Status
Product | Affected versions | Unaffected versions |
---|---|---|
Cloud NGFW | None | All |
Cortex XDR | None | All |
Cortex XDR Agent | None | All |
PAN-OS | None | All |
Prisma Access | None | All |
Prisma Cloud | None | All |
Prisma SD-WAN ION | None | All |
Severity: NONE
CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.
Weakness Type
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Solution
No software updates are required at this time.
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block attacks for CVE-2023-38545 by enabling Threat ID 94436 (Applications and Threats content update 8764).