curl
Safeguard articles tagged "curl" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Security considerations for authenticating CLI tools through corporate proxies
Two 2026 curl CVEs show proxy credentials leaking across redirects and reused connections — plus why .npmrc still stores proxy passwords in plaintext.
curl SOCKS5 Heap Overflow (CVE-2023-38545) Explained: When a Long Hostname Broke the Handshake
CVE-2023-38545 is a heap buffer overflow in curl and libcurl's SOCKS5 proxy handshake, triggered when a too-long hostname is copied into a fixed buffer during a slow handshake. Here is the bug.
Inside CVE-2023-38545: the libcurl SOCKS5 heap overflow
A single off-by-length check in curl's SOCKS5 handshake, live for over three years across libcurl 7.69.0–8.3.x, earned a 9.8 CVSS score and a CWE-787 out-of-bounds write.
What the curl CVE disclosures teach about patching embedded C libraries
curl.se lists 206 published CVEs across two decades — two 2023 disclosures show why transitive C-library patching needs its own discipline.
CVE-2025-9086 in cURL: Patch Posture & SBOM Response
Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.
curl CVE-2023-38545: The Worst curl Vulnerability in Years
A heap buffer overflow in curl's SOCKS5 proxy handshake earned a severity rating of HIGH from curl's creator Daniel Stenberg, who called it the worst curl flaw in a long time.