Forum Discussion

Pix_R
Level 5
9 months ago

CVE-2023-38545/6 security vulnerability.

In trying to assess implications of the CURL hack upon Data Insight I see the \DataInsight\perl\site\lib\HTTP\Any\Curl.pm Perl module lists libcurl 7.21.6 or newer. While that is a very old version and specifically the CVEs call out

Affected Versions
 Affected versions: libcurl 7.69.0 to and including 8.3.0
 Not affected versions: libcurl < 7.69.0 and >= 8.4.0 (where a patch has been identified)

we are left to wonder as to ramifications of system software changes upon the Application.

Our organization will be patching for the various applications utilizing http calls over Socks5 (mentioned as a proxy in the script) and I will need to know a few facts to enter discussions with our security team.

Is DI affected by the vulnerability?
Will DI be adversely affected by patching to the latest library version?
Has Veritas released any statement on the vulnerability and its products?

Thank you
Pix

  • Reply was that DI is NOT affected by the CVE.

     

    Pix