cURL vulnerability - CVE-2023-38545

This is a live discover query.

1
2
3
4
5
6
7
8
9
10
with file_list as (
select spj.cmd_line, sfj.path, sfj.file
from sophos_file_journal as sfj
join sophos_process_journal as spj
on spj.sophos_pid = sfj.sophos_pid
where sfj.subject = "FileBinaryReads"
and sfj.event_type = 9
and sfj.file like '%libcurl%'
)
select * from file_list join file as osqfile on osqfile.path = file_list.path where osqfile.file_version not like '8.4%'
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

with file_list as (
select spj.cmd_line, sfj.path, sfj.file
from sophos_file_journal as sfj
join sophos_process_journal as spj
on spj.sophos_pid = sfj.sophos_pid
where sfj.subject = "FileBinaryReads"
and sfj.event_type = 9
and sfj.file like '%libcurl%'
)
select * from file_list join file as osqfile on osqfile.path = file_list.path where osqfile.file_version not like '8.4%'

See the original discussion thread here

Qoosh

0 comments
0 members are here

Uncategorized

Anomalies

ATT&CK

Cloud Optix

Compliance

Data Lake

Device

Email

Events

Files

Live Response

Network

Other queries

Processes

Query Tips

Registry

Threat Hunting

User

cURL vulnerability - CVE-2023-38545