
CVE-2023-38545/6 security vulnerability.

Pix_R
Level 5

In trying to assess implications of the CURL hack upon Data Insight I see the \DataInsight\perl\site\lib\HTTP\Any\Curl.pm perl module lists libcurl 7.21.6 or newer. While that is a very old version and specifically the CVEs call out 

Affected Versions
 Affected versions: libcurl 7.69.0 to and including 8.3.0
 Not affected versions: libcurl < 7.69.0 and >= 8.4.0 (where a patch has been identified)

we are left to wonder as to ramifications of system software changes upon the Application.

Our organization will be patching for the various applications utilizing http calls over Socks5 (mentioned as a proxy in the script) and I will need to know a few facts to enter discussions with our security team.

Is DI affected by the vulnerability?
Will DI be adversely affected by patching to the latest library version?
Has Veritas released any statement on the vulnerability and its products?

Thank you
Pix
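
As an added example (not part of the original post and not Veritas code), the affected range quoted in the question can be checked against the libcurl version each host actually reports, which is a separate fact from the "7.21.6 or newer" line listed in Curl.pm. The banner format assumed is the one printed by `curl --version`; the host labels and banners are constructed sample data.

```python
import re

# Range quoted in the post: libcurl 7.69.0 up to and including 8.3.0.
AFFECTED_MIN = (7, 69, 0)
AFFECTED_MAX = (8, 3, 0)

# Matches "libcurl/8.3.0" (curl --version) and "libcurl 7.21.6" (prose form).
_LIBCURL_RE = re.compile(r"libcurl[/ ](\d+)\.(\d+)\.(\d+)")


def parse_libcurl_version(banner):
    """Return (major, minor, patch) found in a banner, or None."""
    m = _LIBCURL_RE.search(banner)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(banner):
    """Compare numerically, so 7.9.8 sorts below 7.69.0 (a string compare would not)."""
    version = parse_libcurl_version(banner)
    if version is None:
        return "unknown"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "in-affected-range"
    return "outside-affected-range"


def triage(inventory):
    """Map each host label to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample banners (hypothetical hosts), not taken from the post.
SAMPLE_INVENTORY = {
    "app-server": "curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2",
    "old-node": "curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 NSS/3.90",
    "patched": "curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.1.3",
    "boundary": "curl 8.3.0 (x86_64-w64-mingw32) libcurl/8.3.0 Schannel",
    "no-curl": "'curl' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
    # Distribution packages may carry backported fixes under an unchanged
    # version number, so "in-affected-range" means "check the vendor advisory".
```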

1 ACCEPTED SOLUTION

Pix_R
Level 5

Reply was that DI is NOT affected by the CVE.

Pix

2 REPLIES 2

Pix_R
Level 5

Veritas Support mentioned to monitor the public doc - https://www.veritas.com/content/support/en_US/security/VTS23-013 for any update to the situational awareness that becomes released.

Pix
