Company:
Date Published:
Author: Hadas Bloom
Word count: 1104
Language: English
Hacker News points: None

Summary

The libcurl and curl projects have released a new version, 8.4.0, to address a high-severity heap-based buffer overflow vulnerability (CVE-2023-38545) that could impact systems with specific configurations and preconditions. The vulnerability is present in packages from various ecosystems, including C/C++, cargo, cocoapods, npm, NuGet, pip, and pub, as well as Linux distributions such as Alpine, Debian, RHEL, and others. The exploit complexity is considered high, requiring specific scenarios to trigger the vulnerable condition. To prepare for remediation, users can use Snyk's reporting feature to find impacted projects, identify hosts with curl installed, and update packages and containers accordingly. A fixed version of libcurl will be released on October 11, 2023, at around 06:00 UTC.