From d9eddb227042c36f1528291f0321f426afeaf9aa Mon Sep 17 00:00:00 2001
From: Lily Foster <lily@lily.flowers>
Date: Thu, 12 Oct 2023 15:11:47 -0400
Subject: [PATCH] curl-impersonate: add CVE-2023-38545 as a known vulnerability

---
 pkgs/tools/networking/curl-impersonate/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix
index 59c281575c13..070aab8d53f2 100644
--- a/pkgs/tools/networking/curl-impersonate/default.nix
+++ b/pkgs/tools/networking/curl-impersonate/default.nix
@@ -153,6 +153,7 @@ let
       maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ];
       platforms = platforms.unix;
       knownVulnerabilities = [
+        "CVE-2023-38545"  # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
         "CVE-2023-32001"  # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html
         "CVE-2022-43551"  # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html
         "CVE-2022-42916"  # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html