GHSA-3vpc-4p9p-47hc
High severity vulnerability in curl-cffi (PyPI)
What is GHSA-3vpc-4p9p-47hc About?
This vulnerability affects curl_cffi because of a critical flaw in its bundled libcurl (versions below 8.4.0). It is deemed a major security issue that could lead to significant compromise of affected systems. Exploitation is anticipated to be straightforward once the details are fully published.
Affected Software
Technical Details
The curl_cffi library, specifically versions bundling libcurl older than 8.4.0 (such as 7.84.0), is susceptible to a high-severity vulnerability (CVE-2023-38545) originating from libcurl itself. While full details are not yet public, curl developers have indicated this is a 'major issue.' The vulnerability likely allows attackers to compromise applications relying on curl_cffi by leveraging flaws within the underlying libcurl implementation. This could involve various attack vectors depending on the specific nature of the libcurl flaw, such as memory corruption, buffer overflows, or other network protocol handling errors.
What is the Impact of GHSA-3vpc-4p9p-47hc?
Successful exploitation may allow attackers to compromise the confidentiality, integrity, or availability of the system through the vulnerable curl_cffi library.
What is the Exploitability of GHSA-3vpc-4p9p-47hc?
Exploitation complexity is currently unknown, but given the severity indicated by curl developers, it is expected to be straightforward for a motivated attacker once the full details and attack vectors are released. There are no explicit authentication or privilege requirements mentioned, suggesting that unauthenticated, remote exploitation might be possible depending on the nature of the underlying libcurl flaw. The primary risk factor is the widespread use of vulnerable libcurl versions within curl_cffi.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for GHSA-3vpc-4p9p-47hc?
Available Upgrade Options
- curl-cffi
- <0.7.0b6 → Upgrade to 0.7.0b6
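As an added example (not part of the advisory or of the curl-cffi project), a version check a practitioner could run in CI against the two thresholds the advisory gives: curl-cffi 0.7.0b6 and bundled libcurl 8.4.0. The sample version strings are constructed, and the `curl_cffi` attribute names mentioned in the comments are assumptions.

```python
import re

# Thresholds from the advisory: curl-cffi < 0.7.0b6 is affected, and the
# underlying fix is libcurl 8.4.0, so both are checked independently.
FIXED_CURL_CFFI = "0.7.0b6"
FIXED_LIBCURL = "8.4.0"

_PRE_ORDER = {"a": 0, "b": 1, "rc": 2}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")


def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Zb6' into a sortable tuple.

    A final release sorts after any pre-release of the same number, so
    0.7.0b6 < 0.7.0, while 0.7.0b5 < 0.7.0b6 and 0.6.9 < 0.7.0b6.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad so 8.4 == 8.4.0
    if m.group(2):
        pre = (_PRE_ORDER[m.group(2)], int(m.group(3)))
    else:
        pre = (3, 0)  # final release: sorts after a/b/rc
    return release + pre


def libcurl_version_from_banner(banner):
    """Pull the libcurl version out of a banner like
    'libcurl/7.84.0 OpenSSL/3.0.8 zlib/1.2.13'."""
    m = re.search(r"libcurl/(\d+\.\d+(?:\.\d+)?)", banner)
    if not m:
        raise ValueError("no libcurl/<version> token in banner")
    return m.group(1)


def is_vulnerable(curl_cffi_version, libcurl_banner):
    """True if the package or its bundled libcurl is below the fixed version."""
    pkg_old = parse_version(curl_cffi_version) < parse_version(FIXED_CURL_CFFI)
    lib_ver = libcurl_version_from_banner(libcurl_banner)
    lib_old = parse_version(lib_ver) < parse_version(FIXED_LIBCURL)
    return pkg_old or lib_old


if __name__ == "__main__":
    # Constructed sample inputs. On a live system they would come from
    # curl_cffi.__version__ and curl_cffi.curl_version() (assumed names).
    print(is_vulnerable("0.5.10", "libcurl/7.84.0 OpenSSL/3.0.8 zlib/1.2.13"))  # True
    print(is_vulnerable("0.7.0b6", "libcurl/8.4.0 OpenSSL/3.1.3 zlib/1.3"))  # False
```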
What are Similar Vulnerabilities to GHSA-3vpc-4p9p-47hc?
Similar Vulnerabilities: CVE-2023-38545, CVE-2023-38546, CVE-2023-38547, CVE-2023-38548, CVE-2023-38549
