TV-2023-1002

Hotfix for curl and libcurl vulnerability

The third-party open-source project curl / libcurl, which is widely used in the software industry, is subject to a vulnerability rated with severity “High” and tracked as CVE-2023-38545.

We have already made a hotfix available for all potentially affected TeamViewer clients. We strongly recommend updating affected clients immediately.

1. DETAILS

Clients

| Application | Versions | Status | Fixed version | User action required |
|---|---|---|---|---|
| TeamViewer Remote Client for Windows, Linux and macOS (Full, Host, QS) | 15.22.1 – 15.46.5 | Update available | 15.46.7 | Update to fixed version or higher. |
| TeamViewer Remote Client for Windows, Linux and macOS (Full, Host, QS) | Before 15.22.1 including major versions before 15. | Not affected | | We always recommend updating to the latest version available. |
| TeamViewer Remote WebClient | all | Not affected | | No action required. |
| TeamViewer Meeting for Windows | Before 15.46.8 | Update available | 15.46.8 | Update to fixed version or higher. |
| TeamViewer Meeting for macOS | Before 15.46.8 | Update available | 15.46.8 | Update to fixed version or higher. |
| TeamViewer QuickSupport for Android | Before 15.46.303 | Update available | 15.46.303 | Update to fixed version or higher. |
| TeamViewer Remote Control for Android | Before 15.46.306 | Update available | 15.46.306 | Update to fixed version or higher. |
| TeamViewer Host for Android | Before 15.46.304 | Update available | 15.46.304 | Update to fixed version or higher. |
| TeamViewer AssistAR for Android | Before 15.46.304 | Update available | 15.46.304 | Update to fixed version or higher. |
| TeamViewer Meeting for Android | Before 15.44.3 | Update available | 15.44.3 | Update to fixed version or higher. |
| TeamViewer QuickSupport for iOS | Before 15.46.2 | Update available | 15.46.2 | Update to fixed version or higher. |
| TeamViewer Remote Control for iOS | Before 15.46.2 | Update available | 15.46.2 | Update to fixed version or higher. |
| TeamViewer AssistAR for iOS | Before 2.48.1 | Update available | 2.48.1 | Update to fixed version or higher. |
| TeamViewer Meeting for iOS | Before 15.44.1 | Update available | 15.44.1 | Update to fixed version or higher. |
| TeamViewer Remote Management: PatchManagement | Before 23.10.2 | Update available | 23.10.2 | Update to fixed version or higher. |
| TeamViewer Frontline Spatial Editor | Before 4.19.1 | Update available | 4.19.1 | Update to fixed version or higher. |

Server / Backend

| Products | Remediation status | User action |
|---|---|---|
| TeamViewer Remote | Patched / Fixed | Not required |
| TeamViewer Tensor | Patched / Fixed | Not required |
| TeamViewer Frontline | Patched / Fixed | Not required |
| TeamViewer Remote Management | Patched / Fixed | Not required |

Infrastructure

Although our infrastructure is not affected by any known attack vector regarding the curl and libcurl vulnerability, we have patched all related components.

2. FAQ

How can I check if my client is affected?

In the TeamViewer client, click on Help -> About TeamViewer and compare the version number to the version numbers provided above. You can also check for updates as described in https://community.teamviewer.com/English/kb/articles/109987-update-teamviewer.

We are currently not aware of ways to exploit this vulnerability in our applications; however, as a precautionary measure, we recommend updating to the most recent version.
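The version comparison described above can be run over a whole fleet. The following is an added example, not TeamViewer code: it transcribes three rows of the Clients table and classifies inventory entries. The shortened "TeamViewer Remote Client" key, the hostnames and the inventory format are assumptions, as is treating builds between the listed affected range and the fixed version as needing the update.

```python
# Added example (not TeamViewer code): triage inventory rows against the "Clients" table.

# product -> (first affected version, or None for "Before <fixed>"; fixed version).
# Rows transcribed from the bulletin; the short "Remote Client" key is an assumption.
RULES = {
    "TeamViewer Remote Client": ("15.22.1", "15.46.7"),
    "TeamViewer Meeting for Windows": (None, "15.46.8"),
    "TeamViewer Host for Android": (None, "15.46.304"),
}


def parse_version(text):
    """Turn '15.46.5' into (15, 46, 5) so components compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(product, version):
    """Return 'update', 'ok', 'not-affected' or 'unknown' for one inventory row."""
    rule = RULES.get(product)
    if rule is None:
        return "unknown"  # product not covered by the transcribed rows
    first_affected, fixed = rule
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # never guess on a malformed version string
    if v >= parse_version(fixed):
        return "ok"
    if first_affected is not None and v < parse_version(first_affected):
        return "not-affected"  # e.g. Remote Client before 15.22.1
    # Assumption: builds between the listed range and the fixed version also get 'update'.
    return "update"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ws-001", "TeamViewer Remote Client", "15.46.5"),
    ("ws-002", "TeamViewer Remote Client", "15.9.4"),
    ("ws-003", "TeamViewer Remote Client", "15.46.7"),
    ("ws-004", "TeamViewer Meeting for Windows", "15.5.1"),
    ("ws-005", "TeamViewer Remote Client", "15.x"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(f"{host:8} {product:32} {version:10} {triage(product, version)}")
```

Comparing versions as integer tuples matters here: as plain strings, "15.9.4" sorts after "15.22.1" and would be misclassified as affected.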

What can happen when this vulnerability is exploited?

This libcurl vulnerability is a buffer overflow and – if successfully exploited – could lead to code execution in the context of the application.

Does TeamViewer have evidence of exploitation?

We are currently not aware of ways to exploit this vulnerability in our applications; however, as a precautionary measure, we recommend updating to the most recent version anyway.

I’m not able to update an affected client. What can I do to mitigate the risk?

This libcurl vulnerability affects the code that handles HTTP/HTTPS requests via a SOCKS5 proxy. Hence, it is very important to ensure that the proxy configuration of your devices is always under control, that only trusted proxy configurations are allowed, and that no SOCKS5 proxies have been configured.

Bulletin ID: TV-2023-1002
Issue Date: 2023-10-11
Last Update: 2023-10-20
Priority: Important
CVSS Score:
Assigned CVE:
Affected Products:
  • TeamViewer Remote
  • TeamViewer Tensor
  • TeamViewer Frontline
  • TeamViewer Remote Management

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.
