
CVE-2023-27534

Published: 30/03/2023 Updated: 27/03/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A path traversal vulnerability exists in the SFTP implementation of curl before 8.0.0. The tilde (~) character is wrongly replaced when it appears as a prefix of the first path element, in addition to its intended use as the first element on its own to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

Vulnerability Trend


haxx curl

fedoraproject fedora 36

netapp active iq unified manager -

broadcom brocade fabric operating system firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Synopsis: Moderate: curl security update. Type/Severity: Security Advisory: Moderate. Topic: An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security ...
Synopsis: Important: cert-manager Operator for Red Hat OpenShift 1121. Type/Severity: Security Advisory: Important. Topic: cert-manager Operator for Red Hat OpenShift 1121. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options ...
A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has be ...
Description: This CVE is under investigation by Red Hat Product Security ...