Sangeeta
Contributor II

Vulnerabilities on libcurl.dll

During our regular scans we found some vulnerabilities in libcurl.dll (CVEs mentioned below). We are using Qlik Sense version 14.78.23 (August 2022 patch 16).

The recommendation is to upgrade to libcurl 8.4.0. Please suggest if there are any patches available for upgrading libcurl.

CVE-2023-38545 (Heap Buffer Overflow)

CVE-2023-38546 (Cookie Injection)

2 Replies
Anil_Babu_Samineni

@Sangeeta From what I see, this has not been officially found by Qlik: https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enter...

If you feel anything, please reach out to your success engineer from Qlik.

Best, Anil. When applicable, please mark the correct/appropriate replies as "solution" (you can mark up to 3 "solutions"). Please LIKE threads if the provided solution is helpful.
dmitri_volkov
Contributor III

Same here: CVE-2023-38545, Qlik Sense Enterprise on Windows February 2024 14.173.3

Scan found affected libcurl.dll versions in

C:\Program Files\Common Files\Qlik\Custom Data\QvOdbcConnectorPackage\...

Search of Qlik Community did not produce any references to CVE-2023-38545.

What would be a solution here?
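
Added example, not part of the thread and not Qlik tooling: a PowerShell inventory that lists every libcurl DLL under a search root and flags copies older than the 8.4.0 release named in the scan recommendation above, so the finding can be confirmed per file before raising it with support. The default search root (the parent of the folder quoted in the thread) and the reliance on the DLL's version resource are assumptions.

```powershell
param(
    # Assumption: default root is the parent of the path quoted in the thread.
    # Pass additional roots (for example the Qlik Sense install directory) as needed.
    [string[]]$Roots = @('C:\Program Files\Common Files\Qlik'),
    # Version the scan recommendation in the thread asks for.
    [version]$FixedVersion = '8.4.0'
)

function Get-LibcurlVersion {
    param([System.IO.FileInfo]$File)
    # Assumption: the build embeds a version resource; if not, return $null.
    $info = $File.VersionInfo
    foreach ($raw in @($info.ProductVersion, $info.FileVersion)) {
        if ($raw -match '(\d+)\.(\d+)\.(\d+)') {
            return [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
        }
    }
    return $null
}

$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Root not found: $root"
        continue
    }
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter 'libcurl*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $version = Get-LibcurlVersion -File $_
            if ($null -eq $version) {
                $status = 'UNKNOWN (no version resource)'
            } elseif ($version -lt $FixedVersion) {
                $status = "BELOW $FixedVersion"
            } else {
                $status = 'OK'
            }
            [pscustomobject]@{
                Status  = $status
                Version = $version
                Path    = $_.FullName
                # Hash lets you tell identical bundled copies apart from distinct builds.
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$results | Sort-Object Status, Path | Format-List
```

Files reported as UNKNOWN need manual checking, since a scanner may have identified them by hash or embedded strings rather than by the version resource.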