Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2023-27538

Published: 30/03/2023 Updated: 27/03/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Libcurl

Vulnerability Summary

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx libcurl

fedoraproject fedora 36

debian debian linux 10.0

netapp active iq unified manager -

broadcom brocade fabric operating system firmware -

netapp clustered data ontap 9.0

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Red Hat: Moderate: curl security update
Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...
Red Hat: Important: cert-manager Operator for Red Hat OpenShift 1.12.1
Synopsis Important: cert-manager Operator for Red Hat OpenShift 1121 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1121Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Amazon Linux 2: ALAS2-2023-2070
The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/c0da42e7f3807eaf20e31d85de8e0278
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/98c399e36f6402fb998b84a1a7aaa7b0
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-287https://hackerone.com/reports/1898475https://security.netapp.com/advisory/ntap-20230420-0010/https://lists.debian.org/debian-lts-announce/2023/04/msg00025.htmlhttps://security.gentoo.org/glsa/202310-12https://access.redhat.com/errata/RHSA-2023:6679https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-16https://alas.aws.amazon.com/AL2/ALAS-2023-2070.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook