cbcvebase.
CVE-2023-27533
published 2023-03-30

CVE-2023-27533: A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on maliciously crafted…

High 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

Affected

32 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.88.1-7 (bookworm) | curl 7.88.1-7 (bookworm) |
| fedoraproject | fedora | | |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u8 | 7.74.0-1.3+deb11u8 |
| haxx | curl | >= 0 < 7.88.1-7 | 7.88.1-7 |
| haxx | curl | >= 0 < 7.88.1-7 | 7.88.1-7 |
| haxx | curl | >= 0 < 7.88.1-7 | 7.88.1-7 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.24 | 7.58.0-2ubuntu3.24 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.18 | 7.68.0-1ubuntu2.18 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.10 | 7.81.0-1ubuntu1.10 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm15 | 7.35.0-1ubuntu2.20+esm15 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.19+esm8 | 7.47.0-1ubuntu2.19+esm8 |
| haxx | curl | 7.0.0 – 7.881 | |
| https | github.com_curl_curl | | |
| msrc | azl3_cmake_3.21.4-10_on_azure_linux_3.0 | | |
| msrc | azl3_cmake_3.28.2-1_on_azure_linux_3.0 | | |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | | |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.11.1-1_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.16.1-1_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_cmake_3.21.4-12_on_cbl_mariner_2.0 | | |
| msrc | cbl2_curl_8.0.1-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_mysql_8.0.34-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_rust_1.72.0-2_on_cbl_mariner_2.0 | | |

CVSS provenance

nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv: 8.8 HIGH