{"id":54096,"date":"2023-10-11T18:41:47","date_gmt":"2023-10-11T18:41:47","guid":{"rendered":"http:\/\/17242dea-9d0b-4349-a55f-510da1c63748"},"modified":"2023-10-11T18:41:47","modified_gmt":"2023-10-11T18:41:47","slug":"nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/","title":{"rendered":"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out"},"content":{"rendered":"
\n
\n
\"abstract<\/picture><\/div>\n

<\/div>\n

Weiquan Lin\/Getty Images<\/span><\/figcaption><\/figure>\n

For the most part, ordinary Linux users don’t know what curl<\/a> is. Programmers and system administrators know the utility well, though. <\/p>\n

This shell command and its associated library, libcurl<\/a>, is used to transfer data over every network protocol you’ve ever heard of, and it’s used in desktops, servers, clouds, cars, television sets, routers, and pretty much every Internet of Things (IoT) device. Curl’s developers estimate it’s used in over twenty billion instances. And now there’s a potentially nasty security bug in it, CVE-2023-38545<\/a>.<\/p>\n

Also: Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever<\/a><\/strong><\/p>\n

How nasty? Curl’s lead developer, Daniel Stenberg, wrote in a blog post that it’s “the worst security problem found in curl in a long time.<\/a>” He should know.<\/p>\n

Security experts agree. This is, in a word, bad. <\/p>\n

As Saeed Abbasi, Qualys Threat Research Unit Product Manager, warned: <\/p>\n

\n

Organizations must act swiftly to inventory, scan, and update all systems utilizing curl<\/a> and libcurl. In particular, the gravity of the high-severity vulnerability mandates immediate and cautious attention to safeguarding interconnected and web-aware applications, ensuring the rich data transfer functionality curl and libcurl provide remain unimpaired and secure.<\/p>\n<\/blockquote>\n

Specifically, the security hole can be invoked when someone is using the SOCKS5<\/a> proxy protocol. This rather simple protocol sets up network communication via a dedicated “middleman.” The protocol is used when communicating over Tor<\/a>, the open-source internet software used to enable anonymous communication and to access the internet from within organizations and companies privately. Some virtual private networks<\/a>, such as NordVPN<\/span><\/a><\/span>, Private Internet Access<\/span><\/a><\/span>, and Hide.Me<\/span><\/a><\/span>, offer it to enable their users to get around internet content blocks and to ensure their anonymity. <\/p>\n

<\/p>\n

In a Mastodon conversation, Steinberg said, “Perhaps most realistically, a Tor user (which normally uses SOCKS5) going to a HTTPS site<\/a> that has been breached or similar” is the most likely to fall into this security hole. <\/p>\n

Also: 7 things even new Linux users can do to better secure the OS<\/a><\/strong><\/p>\n

CVE-2023-38545 is a memory heap overflow<\/a> hole. It can possibly be exploited for remote code execution. There are already proofs of concept showing how an attack could be made using the curl hole<\/a>. <\/p>\n

The security hole was introduced in February<\/a> 2020 and affects libcurl versions from 7.69.0 to and including 8.3.0.   <\/p>\n

Steinberg is embarrassed by his mistake: <\/p>\n

\n

Reading the code now, it is impossible not to see the bug. Yes, it truly aches having to accept the fact that I did this mistake without noticing and that the flaw then remained undiscovered in code for 1315 days. I apologize. I am but a human. \u2026 In hindsight, shipping a heap overflow in code installed in over twenty billion instances is not an experience I would recommend.<\/p>\n<\/blockquote>\n

Not everyone thinks it’s that big a deal. Bill Demirkapi, a member of the Microsoft Security Response Center Vulnerability and Mitigations team, tweeted on Twitter, aka X, that, “The ‘worst security problem found in curl in a long time’ is only accessible if the victim is using a SOCKS5 proxy & connects to a rogue server or is under a MitM [Man in the Middle] attack? I’m going back to sleep<\/a>.” <\/p>\n

Less snarkily, the software supply chain company JFrog observed: <\/p>\n

\n

It can be assumed with good confidence that this vulnerability will get exploited in the wild<\/a> for remote code execution, with more sophisticated exploits being developed. However \u2013 the set of pre-conditions needed in order for a machine to be vulnerable (see previous section) is more restrictive than initially believed. Therefore, we believe the vast majority of curl users won’t be affected by this vulnerability.<\/p>\n<\/blockquote>\n

To be precise, the preconditions needed to spark the problem into a curl security fire<\/a> are:<\/p>\n

    \n
  1. \n

    The curl request is made via socks5h.<\/p>\n<\/li>\n

  2. \n

    The curl state machine’s negotiation buffer is smaller than ~65k.<\/p>\n<\/li>\n

  3. \n

    The SOCKS server’s “hello” reply is delayed.<\/p>\n<\/li>\n

  4. \n

    The attacker sets a final destination hostname larger than the negotiation buffer.<\/p>\n<\/li>\n<\/ol>\n

    That’s a lot of preconditions. <\/p>\n

    Still, given Curl’s extensive use across various operating systems, applications, and IoT devices, Steinberg’s early announcement of the problem was a smart strategic move. It provided organizations ample time to audit their systems, identify all instances of curl and libcurl in use, and develop a comprehensive plan for enterprise-wide patching.<\/p>\n

    Also: Newly discovered Android malware has infected thousands of devices<\/a><\/strong><\/p>\n

    The curl project didn’t stop there; information about the flaws was concurrently shared with developers of various Linux, Unix, and Unix-like distributions. This collaborative approach ensured that patches and updated packages were ready before the official release of curl v8.4.0.<\/p>\n

    So both I and the curl project strongly recommend users to update to curl\/libcurl version 8.4.0 or apply patches to older versions to mitigate the risks associated with these vulnerabilities. <\/p>\n

    Since libcurl\/curl is a default component in many Linux distributions and baked into numerous container images, Linux users should be vigilant and look out for releases by these providers. Most of the major Linux distributors already have the patches out. <\/p>\n

    READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    Curl is built into and silently used in numerous Linux distributions. A nasty security hole within it has been revealed and patched.
    \nREAD MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-54096","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"\nNasty bug discovered in widely used Linux utility curl, and patches already rolled out 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-11T18:41:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/1d41a963853a6cff806fea4a6ed9c56c74378520\/2023\/10\/11\/778ec254-7053-4e22-960b-4837bc5200f7\/gettyimages-1474277379.jpg?auto=webp&width=1280\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out\",\"datePublished\":\"2023-10-11T18:41:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/\"},\"wordCount\":874,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/1d41a963853a6cff806fea4a6ed9c56c74378520\\\/2023\\\/10\\\/11\\\/778ec254-7053-4e22-960b-4837bc5200f7\\\/gettyimages-1474277379.jpg?auto=webp&width=1280\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/\",\"name\":\"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/1d41a963853a6cff806fea4a6ed9c56c74378520\\\/2023\\\/10\\\/11\\\/778ec254-7053-4e22-960b-4837bc5200f7\\\/gettyimages-1474277379.jpg?auto=webp&width=1280\",\"datePublished\":\"2023-10-11T18:41:47+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/1d41a963853a6cff806fea4a6ed9c56c74378520\\\/2023\\\/10\\\/11\\\/778ec254-7053-4e22-960b-4837bc5200f7\\\/gettyimages-1474277379.jpg?auto=webp&width=1280\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/1d41a963853a6cff806fea4a6ed9c56c74378520\\\/2023\\\/10\\\/11\\\/778ec254-7053-4e22-960b-4837bc5200f7\\\/gettyimages-1474277379.jpg?auto=webp&width=1280\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/","og_locale":"en_US","og_type":"article","og_title":"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-10-11T18:41:47+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/1d41a963853a6cff806fea4a6ed9c56c74378520\/2023\/10\/11\/778ec254-7053-4e22-960b-4837bc5200f7\/gettyimages-1474277379.jpg?auto=webp&width=1280","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out","datePublished":"2023-10-11T18:41:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/"},"wordCount":874,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/1d41a963853a6cff806fea4a6ed9c56c74378520\/2023\/10\/11\/778ec254-7053-4e22-960b-4837bc5200f7\/gettyimages-1474277379.jpg?auto=webp&width=1280","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/","url":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/","name":"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/1d41a963853a6cff806fea4a6ed9c56c74378520\/2023\/10\/11\/778ec254-7053-4e22-960b-4837bc5200f7\/gettyimages-1474277379.jpg?auto=webp&width=1280","datePublished":"2023-10-11T18:41:47+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/1d41a963853a6cff806fea4a6ed9c56c74378520\/2023\/10\/11\/778ec254-7053-4e22-960b-4837bc5200f7\/gettyimages-1474277379.jpg?auto=webp&width=1280","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/1d41a963853a6cff806fea4a6ed9c56c74378520\/2023\/10\/11\/778ec254-7053-4e22-960b-4837bc5200f7\/gettyimages-1474277379.jpg?auto=webp&width=1280"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/nasty-bug-discovered-in-widely-used-linux-utility-curl-and-patches-already-rolled-out\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Nasty bug discovered in widely used Linux utility curl, and patches already rolled out"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54096"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54096\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}