CVE-2023-27534 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-27534

CVE-2023-27534

March 30, 2023

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

Related Resources (10)

https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html

https://access.redhat.com/security/cve/CVE-2023-27534

https://hackerone.com/reports/1892351

https://security.gentoo.org/glsa/202310-12

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

https://security-tracker.debian.org/tracker/CVE-2023-27534

https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a

https://seclists.org/oss-sec/2023/q1/175

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

https://security.netapp.com/advisory/ntap-20230420-0012/

Do you need more information?