Published: 30/03/2023 Updated: 27/03/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an malicious user to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an malicious user to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling malicious users to execute arbitrary code on the system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx curl
fedoraproject fedora 36
netapp active iq unified manager -
netapp clustered data ontap 9.0
netapp h300s_firmware -
netapp h500s_firmware -
netapp h700s_firmware -
netapp h410s_firmware -
splunk universal forwarder 9.1.0
splunk universal forwarder

Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...

Synopsis Important: cert-manager Operator for Red Hat OpenShift 1121 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1121Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options ...

Description This CVE is under investigation by Red Hat Product Security ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-74 https://hackerone.com/reports/1891474 https://security.netapp.com/advisory/ntap-20230420-0011/https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html https://security.gentoo.org/glsa/202310-12 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/https://access.redhat.com/errata/RHSA-2023:6679 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15 https://alas.aws.amazon.com/AL2/ALAS-2023-2070.html

CVE-2023-27533

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect