← Voltar para CVEs
CVE-2023-27533
HIGH8.8
Descricao
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado3/30/2023
Ultima modificacao2/13/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
fedoraproject:fedorahaxx:curlnetapp:active_iq_unified_managernetapp:clustered_data_ontapnetapp:h300snetapp:h300s_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h700snetapp:h700s_firmwaresplunk:universal_forwarder
Fraquezas (CWE)
CWE-75CWE-74
Referencias
https://hackerone.com/reports/1891474(support@hackerone.com)
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html(support@hackerone.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/(support@hackerone.com)
https://security.gentoo.org/glsa/202310-12(support@hackerone.com)
https://security.netapp.com/advisory/ntap-20230420-0011/(support@hackerone.com)
https://hackerone.com/reports/1891474(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202310-12(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230420-0011/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.