[ANN] PSA for P2Pool miners: curl's CVE-2023-38545 can affect you
TLDR: if you use a SOCKS5 proxy with P2Pool (you have --socks5 in the command line), and it connects to a 3rd-party Monero node, you are vulnerable to this. P2Pool v3.8 will have a fix for this. If you don’t want to wait for the v3.8 release, you can compile the latest P2Pool code to fix it.
Links:
- https://safereddit.com/r/Monero/comments/1757ms3/
- https://curl.se/docs/CVE-2023-38545.html
- https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
Author: sech1
Contact: u/sech1 (Reddit)
Note:
This is a free community message from sech1.