Curl SOCKS5 Heap Buffer Overflow Vulnerability (CVE-2023-38545)

Update from October 13, 2023

The Dynatrace team has finished analyzing each occurrence of the vulnerable curl library. None of the Dynatrace components are affected. The curl library is used in OneAgent and Synthetic, but none of them are susceptible to CVE-2023-38545.

Update from October 11, 2023

The Dynatrace team is actively reviewing the recently published curl SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545).

To date, none of the Dynatrace components seem to be affected by this vulnerability. The Dynatrace team will continue to assess the situation and provide further status updates on this page.

Notice

This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.

Get article updates or report security vulnerabilities

Dynatrace takes a proactive approach in communicating security vulnerability information to customers. Learn more about Dynatrace security and our security policy. To report a security issue, email security@dynatrace.com.

RSS feed Report issue