Palo Alto Networks Security Advisories / CVE-2023-38545

CVE-2023-38545 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)


Informational

Description

The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546), disclosed on October 11, 2023, as they relate to our products.

At this time, there are no demonstrated scenarios that enable successful exploitation of these vulnerabilities in our products.

Product Status

Versions             Affected    Unaffected
Cloud NGFW           None        All
Cortex XDR           None        All
Cortex XDR Agent     None        All
PAN-OS               None        All
Prisma Access        None        All
Prisma Cloud         None        All
Prisma SD-WAN ION    None        All

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of these issues in any of our products.

Weakness Type

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Solution

No software updates are required at this time.

Workarounds and Mitigations

Customers with a Threat Prevention subscription can block attacks for CVE-2023-38545 by enabling Threat ID 94436 (Applications and Threats content update 8764).

Timeline

Added product status
Updated availability of Threat Signature for CVE-2023-38545 and added product status
Initial Publication