Safeguard
Tag

curl

Safeguard articles tagged "curl" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Best Practices

Security considerations for authenticating CLI tools through corporate proxies

Two 2026 curl CVEs show proxy credentials leaking across redirects and reused connections — plus why .npmrc still stores proxy passwords in plaintext.

Jul 12, 20266 min read
Vulnerability Analysis

curl SOCKS5 Heap Overflow (CVE-2023-38545) Explained: When a Long Hostname Broke the Handshake

CVE-2023-38545 is a heap buffer overflow in curl and libcurl's SOCKS5 proxy handshake, triggered when a too-long hostname is copied into a fixed buffer during a slow handshake. Here is the bug.

Jul 8, 20266 min read
Vulnerability Management

Inside CVE-2023-38545: the libcurl SOCKS5 heap overflow

A single off-by-length check in curl's SOCKS5 handshake, live for over three years across libcurl 7.69.0–8.3.x, earned a 9.8 CVSS score and a CWE-787 out-of-bounds write.

Jul 8, 20266 min read
Open Source Security

What the curl CVE disclosures teach about patching embedded C libraries

curl.se lists 206 published CVEs across two decades — two 2023 disclosures show why transitive C-library patching needs its own discipline.

Jul 8, 20267 min read
Vulnerability Response

CVE-2025-9086 in cURL: Patch Posture & SBOM Response

Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.

Sep 12, 20257 min read
Vulnerability Analysis

curl CVE-2023-38545: The Worst curl Vulnerability in Years

A heap buffer overflow in curl's SOCKS5 proxy handshake earned a severity rating of HIGH from curl's creator Daniel Stenberg, who called it the worst curl flaw in a long time.

Oct 11, 20235 min read
curl — Safeguard Blog