The curl CVE-2023-38545 affects curl clients that are configured to use a SOCKS5 proxy with remote DNS enabled. To exploit the vulnerability, the attacker needs to cause curl to look up an arbitrary hostname (which could be done via a malicious webserver issuing a HTTP redirect header). The attacker does not need to control the SOCK5 server curl uses, but doing so would likely provide a path to easier exploitation.
https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/