Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-27533

Date: March 29, 2023

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

Language: C

Severity Score

Related Resources (12)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
https://nvd.nist.gov/vuln/detail/CVE-2023-27533
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
https://access.redhat.com/security/cve/CVE-2023-27533
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
https://security-tracker.debian.org/tracker/CVE-2023-27533
https://seclists.org/oss-sec/2023/q1/174
https://hackerone.com/reports/1891474
https://security.netapp.com/advisory/ntap-20230420-0011/
https://github.com/curl/curl/commit/538b1e79a6e7b
https://security.gentoo.org/glsa/202310-12
https://www.mend.io/vulnerability-database/CVE-2023-27533

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CWE-75

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us