curl-cffi@0.7.0b4 vulnerabilities

libcurl ffi bindings for Python, with impersonation support.

latest version

0.7.3
latest non vulnerable version

0.8.0b1
first published

2 years ago
latest version published

a month ago
licenses detected
- MIT
  [0,)
View curl-cffi package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the curl-cffi package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Heap-based Buffer Overflow curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the `SOCKS5` proxy handshake process when the hostname is longer than the target buffer and larger than 255 bytes. The local variable `socks5_resolve_local` could get the wrong value during a slow SOCKS5 handshake. Since the code wrongly thinks it should pass on the hostname, even though the hostname is too long to fit, the memory copy can overflow the allocated target buffer. This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions. Note: An overflow is only possible in applications that don't set `CURLOPT_BUFFERSIZE` or set it smaller than 65541. Since the curl tool sets `CURLOPT_BUFFERSIZE` to 100kB by default, it is not vulnerable unless the user sets the rate limiting to a rate smaller than 65541 bytes/second. The options that cause SOCKS5 with remote hostname to be used in `libcurl`: `CURLOPT_PROXYTYPE` set to type `CURLPROXY_SOCKS5_HOSTNAME`, or: `CURLOPT_PROXY` or `CURLOPT_PRE_PROXY` set to use the scheme `socks5h://` One of the proxy environment variables can be set to use the `socks5h://` scheme. For example, `http_proxy`, `HTTPS_PROXY` or `ALL_PROXY`. The options that cause SOCKS5 with remote hostname to be used in the `curl` tool: `--socks5-hostname`, `--proxy` or `--preproxy` set to use the scheme `socks5h://` Environment variables as described in the libcurl section. Changelog: 2023-10-04: Initial publication 2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range. How to fix Heap-based Buffer Overflow? Upgrade `curl-cffi` to version 0.7.0b6 or higher.	[,0.7.0b6)

Heap-based Buffer Overflow

curl-cffi is a python binding for curl-impersonate via cffi.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer and larger than 255 bytes. The local variable socks5_resolve_local could get the wrong value during a slow SOCKS5 handshake. Since the code wrongly thinks it should pass on the hostname, even though the hostname is too long to fit, the memory copy can overflow the allocated target buffer.

This is only exploitable if the SOCKS5 handshake is slow enough to trigger a local variable bug and the client uses a hostname longer than the download buffer.

Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system under certain conditions.

Note:

An overflow is only possible in applications that don't set CURLOPT_BUFFERSIZE or set it smaller than 65541. Since the curl tool sets CURLOPT_BUFFERSIZE to 100kB by default, it is not vulnerable unless the user sets the rate limiting to a rate smaller than 65541 bytes/second.

The options that cause SOCKS5 with remote hostname to be used in libcurl:

CURLOPT_PROXYTYPE set to type CURLPROXY_SOCKS5_HOSTNAME, or: CURLOPT_PROXY or CURLOPT_PRE_PROXY set to use the scheme socks5h://
One of the proxy environment variables can be set to use the socks5h:// scheme. For example, http_proxy, HTTPS_PROXY or ALL_PROXY.

The options that cause SOCKS5 with remote hostname to be used in the curl tool:

--socks5-hostname, --proxy or --preproxy set to use the scheme socks5h://
Environment variables as described in the libcurl section.

Changelog:

2023-10-04: Initial publication

2023-10-11: Published updated information, including CWE, CVSS, official references and affected versions range.

How to fix Heap-based Buffer Overflow?

Upgrade curl-cffi to version 0.7.0b6 or higher.

[,0.7.0b6)

Go back to all versions of this package

curl-cffi@0.7.0b4 vulnerabilities

libcurl ffi bindings for Python, with impersonation support.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities