cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
| Security Advisories – Next-Generation Firewalls (NGFW) |
| Title:HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 Impact:High Description:On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service (DDoS) attack technique, was disclosed:CVE-2023-44487: HTTP/2 Rapid Reset For a description of this vulnerability, see the following publications: How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack (Google)HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks (Cloudflare)CVE-2023-44487 – HTTP/2 Rapid Reset Attack (AWS)This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZRead more…Date:20-Oct-2023 Title: cURL and libcurl Vulnerability Affecting Cisco Products: October 2023Impact:HighDescription:On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities: CVE-2023-38545 – High Security Impact Rating (SIR)CVE-2023-38546 – Low SIRThis advisory covers CVE-2023-38545 only. For more information about this vulnerability, see the cURL advisory. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV |
