Learning from curl’s latest bug update – Naked Security

You may not have heard of Curl (or curlas it is more properly written), but it’s one of those open source toolkits that you’ve almost certainly used anyway, probably very often, without knowing.

The open source world provides numerous tools of this sort – ubiquitous, widely used in software projects all over the globe, but often invisible or hidden under the covers, and therefore not perhaps as well-appreciated as they ought to be.

SQLite, OpenSSL, zlib, FFmpeg, Minix…

… The list of supply-chain components that are built into hardware and software that you use all the time, often under completely different names, is long.

Curl is one of those tools, and as its own website explains, it’s a “Command line tool and library for transferring data with URLs (since 1998).”

It’s part of almost every Linux distribution on the planet, including many if not most embedded IoT devices, which use it to script things like updates and data uploads; it’s shipped with Apple’s macOS; and it’s handily included with Windows 10 and Windows 11.

You can also build and use curl as a shared library (look for files named libcurl.*.so or CURL*.DLL)so that you can call curl’s code without running a separate process and collecting the output from that, but that still counts as “using curl”.

Related posts


Latest posts

YouAttest collaborates with JumpCloud to give users access reviews for identity governance

YouAttest announced their product integration with JumpCloud - an open directory platform that gives IT, security...

SLACIP: How to Comply with the SOCI ACT Reforms

On March 31, 2022, the Security Legislation Amendment Critical Infrastructure Protection Act 2022, also known as SLACIP, was passed by the Australian Parliament. ...

Microsoft patches the Patch Tuesday patch that broke authentication – Naked Security

Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931which affected the safety of authentication in Windows. Even...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!