IRONSMITHINTEL
HIGH | CVSS 8.8 | CVE-2023-38545 | Auth: none | Reboot: not required | Est. 15–30 minutes | Manual only

curl < 8.4.0

A heap buffer overflow in curl's SOCKS5 proxy handling can be triggered when connecting through an attacker-controlled proxy, potentially allowing remote code execution in any application that uses curl.

Published May 7, 2026 · Updated May 10, 2026
Why patch: Risk explained in plain English
Worst-case scenario: If unpatched

An attacker who can influence proxy settings or position themselves between the curl client and a SOCKS5 proxy can trigger the heap overflow. In server environments where applications make outbound HTTP requests through a proxy, a compromised proxy server can exploit this vulnerability to execute code in the context of the application making the request.

How the attack works

curl is a widely used command-line tool and library for transferring data that is bundled into countless applications, scripts, and operating systems. When curl is configured to use a SOCKS5 proxy and the hostname to be resolved is too long, a heap buffer overflow occurs because curl incorrectly handles the handshake when remote DNS resolution fails. This vulnerability affects the curl binary itself and any application using libcurl.

Am I affected? Quick check

Probably yes if any of these apply:

Any server using curl or applications built on libcurl with SOCKS5 proxy configurations
Development servers with Git for Windows
Any server where curl is installed
Running curl 7.69.0 through 8.3.0

Affected OS versions

Windows Server 2016, Windows Server 2019, Windows Server 2022
Fixed in 8.4.0

Real-world incidents: What we've seen

curl is present on virtually every Windows Server either directly (via Git for Windows, WSL, or direct installation) or embedded in applications. The severity designation as "HIGH" reflects the constrained exploitation conditions — attackers must control the proxy endpoint. For environments using SOCKS5 proxies for outbound traffic, the risk is elevated.

How to patch

Manual remediation steps

15–30 minutes

Step 1 — Find curl Installations

# Check standalone curl
curl.exe --version 2>$null

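# Check Git for Windows bundled curl
# git.exe normally sits in <Git>\cmd while curl.exe sits in <Git>\mingw64\bin,
# so search from the parent of git.exe's folder (works on Windows PowerShell 5.1)
$git = Get-Command git -ErrorAction SilentlyContinue
if ($git) {
    Get-ChildItem -Path (Split-Path (Split-Path $git.Source)) -Recurse -Filter 'curl.exe' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.FullName; & $_.FullName --version }
}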

# Search for curl.exe broadly
Get-ChildItem -Path 'C:\Program Files', 'C:\Program Files (x86)' -Recurse -Filter 'curl.exe' -ErrorAction SilentlyContinue |
    Select-Object FullName

Step 2 — Update curl

Windows 11/Server 2022 — Built-in curl

# Windows curl is updated via Windows Update
winget upgrade curl

Git for Windows bundled curl

1. Download Git for Windows 2.42.0 or later from: gitforwindows.org
2. Run the installer (bundles curl 8.4.0+)

Standalone curl

1. Download curl 8.4.0+ from: curl.se/windows
2. Replace the existing curl.exe

Verification

curl.exe --version
# Must show 8.4.0 or later
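
The inventory in Step 1 and the version check above can be combined into one pass that classifies every curl.exe it finds against the range this page lists (7.69.0 through 8.3.0, fixed in 8.4.0). This is an added example, not a script from this advisory or from the curl project; the search roots and the function name Get-CurlStatus are assumptions for illustration.

```powershell
# Added example: classify each curl.exe against the affected range listed on this page.
$firstAffected = [version]'7.69.0'
$fixed         = [version]'8.4.0'

function Get-CurlStatus {
    param([string]$VersionText)   # first line of `curl --version`, e.g. "curl 8.3.0 (Windows) libcurl/8.3.0 ..."
    if ($VersionText -match '^curl (\d+\.\d+\.\d+)') {
        $v = [version]$Matches[1]
        if ($v -ge $fixed)         { return 'FIXED' }
        if ($v -ge $firstAffected) { return 'AFFECTED' }
        return 'OUTSIDE-LISTED-RANGE'
    }
    return 'UNKNOWN'              # not curl, or the output could not be parsed
}

# Search roots are assumptions; add any application directory that ships its own curl.exe.
$found  = @(Get-Item 'C:\Windows\System32\curl.exe' -ErrorAction SilentlyContinue)
$found += @(Get-ChildItem -Path 'C:\Program Files', 'C:\Program Files (x86)' -Recurse `
            -Filter 'curl.exe' -File -ErrorAction SilentlyContinue)

$report = foreach ($exe in $found) {
    $line = [string](& $exe.FullName --version 2>$null | Select-Object -First 1)
    [pscustomobject]@{
        Status  = Get-CurlStatus -VersionText $line
        Version = if ($line -match '^curl (\S+)') { $Matches[1] } else { '?' }
        Path    = $exe.FullName
    }
}
$report | Sort-Object Status, Path | Format-Table -AutoSize

# Flag proxy environment variables that send curl through a SOCKS5 proxy.
# Only the variable name is printed, because the value can carry credentials.
foreach ($name in 'ALL_PROXY', 'HTTPS_PROXY', 'HTTP_PROXY') {
    $value = [Environment]::GetEnvironmentVariable($name)
    if ($value -match '^socks5h?://') { "$name is set to a SOCKS5 proxy" }
}
```

This covers curl.exe binaries and environment-level proxy settings only; applications that link libcurl or set a proxy in their own configuration need to be checked separately.
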
PowerShell automation: Coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.