Description
Open Source Curl Remote Code Execution Vulnerability
FAQ
What is the curl open-source project?
Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client for URL". The Windows implementation provides access to the command-line tool, not the library.
What version of curl addresses this CVE?
Curl version 7.87.0 addresses this vulnerability.
Where can I find more information about this curl vulnerability?
More information can be found at NVD and curl.se.
Are there any workarounds that can be implemented?
Preventing the execution of curl.exe is a workaround to be considered.
Use a WDAC policy to deny execution of the \system32\curl.exe executable. You can merge the deny rule into an existing policy or create a new policy with it using the Merge-CIPolicy cmdlet (see "Merge-CIPolicy (ConfigCI)" on Microsoft Learn). Once the policy XML file with the deny rule has been created or merged with an existing policy, it must be deployed.
Choose how to deploy the policy (see "Deploying Windows Defender Application Control (WDAC) policies" on Microsoft Learn):
- Deploy using a Mobile Device Management (MDM) solution, such as Microsoft Intune
- Deploy using Microsoft Configuration Manager
- Deploy via script
- Deploy via group policy
For example:
Create a new policy: (These steps will create a new policy named Deny-Curl.xml by merging the deny using the example policy named AllowAll.xml)
Merge into an existing policy
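One way to carry out the two variants named above (a new policy built from AllowAll.xml, or a merge into an existing policy), written as an added example that is not the advisory's own commands. The `-ExistingPolicy` parameter and the `.cip` output name are assumptions of this script; AllowAll.xml is the example policy that ships with Windows under `%windir%\schemas\CodeIntegrity\ExamplePolicies`.

```powershell
# Added example: deny curl.exe through WDAC, either as a new policy or merged
# into an existing one. -ExistingPolicy is a hypothetical parameter of this script.
param(
    [string]$ExistingPolicy,                   # policy XML you already deploy (optional)
    [string]$OutputPolicy = '.\Deny-Curl.xml'  # output name used on the page
)
$ErrorActionPreference = 'Stop'

$curl = Join-Path $env:windir 'System32\curl.exe'
if (-not (Test-Path $curl)) { throw "curl.exe not found at $curl" }

# The page states that 7.87.0 addresses the vulnerability; report what is installed.
if (@(& $curl --version)[0] -match '^curl (\d+\.\d+\.\d+)') {
    if ([version]$Matches[1] -ge [version]'7.87.0') {
        Write-Warning "curl $($Matches[1]) is 7.87.0 or later; the deny rule may no longer be needed."
    }
}

# Deny rule keyed on the file name recorded in the binary, with a hash fallback.
$rule = New-CIPolicyRule -DriverFilePath $curl -Level FileName -Fallback Hash -Deny

if ($ExistingPolicy) {
    $base = $ExistingPolicy
} else {
    # Work on a copy of the AllowAll.xml example policy that ships with Windows.
    $base = '.\AllowAll.xml'
    Copy-Item (Join-Path $env:windir 'schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml') $base
}
Merge-CIPolicy -PolicyPaths $base -Rules $rule -OutputFilePath $OutputPolicy | Out-Null

# Check the merged XML before deployment: the deny entry must be present ...
[xml]$xml = Get-Content -Raw $OutputPolicy
$denies = $xml.SiPolicy.FileRules.Deny
if (-not $denies) { throw "No Deny rule found in $OutputPolicy" }
$denies | Select-Object ID, FriendlyName, FileName, Hash | Format-Table -AutoSize

# ... and a policy carrying 'Enabled:Audit Mode' only logs, it does not block.
if (@($xml.SiPolicy.Rules.Rule.Option) -contains 'Enabled:Audit Mode') {
    Write-Warning "$OutputPolicy is in audit mode; curl.exe would be logged, not blocked."
}

# Binary form of the policy for the deployment method chosen above.
$bin = [IO.Path]::ChangeExtension($OutputPolicy, '.cip')
ConvertFrom-CIPolicy -XmlFilePath $OutputPolicy -BinaryFilePath $bin | Out-Null
```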
How to undo this workaround?
Guidance for how to remove WDAC policies can be found in the following documentation: Remove Windows Defender Application Control (WDAC) policies
Updates
Product | Article | Update |
---|---|---|
Windows 10 Version 1809 for 32-bit Systems | | |
Windows 10 Version 1809 for x64-based Systems | | |
Windows 10 Version 1809 for ARM64-based Systems | | |
Windows Server 2019 | | |
Windows Server 2019 (Server Core installation) | | |
Windows 10 Version 20H2 for 32-bit Systems | | |
Windows 10 Version 20H2 for ARM64-based Systems | | |
Windows Server 2022 | | |
Windows Server 2022 (Server Core installation) | | |
Windows 11 version 21H2 for x64-based Systems | | |
Exploitability
Publicly Disclosed
Exploited
DOS
EPSS
5.9 Medium
CVSS3
Related vulnerabilities
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.