CVE-2023-27538

CWE-305 CWE-287 — Improper Authentication10 documents9 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 94.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Libcurl Splunk Universal Forwarder Https: /github.com/curl/curl +3 more

Timeline

PublishedMar 30

Latest updateApr 19

Description

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connectio…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDhaxx/libcurl7.16.1 — 8.0.0

▶NVDsplunk/universal_forwarder8.2.0 — 8.2.12+2

▶Debiancurl< 7.74.0-1.3+deb11u8+3

▶NVDnetapp/clustered_data_ontap9.0

▶CVEListV5https://github.com/curl/curlFixed in 8.0.0

Also affects: Debian Linux 10.0, Fedora 36

🔴Vulnerability Details

CVEList

CVE-2023-27538: An authentication bypass vulnerability exists in libcurl prior to v8↗2023-03-30

▶

OSV

CVE-2023-27538: An authentication bypass vulnerability exists in libcurl prior to v8↗2023-03-30

▶

GHSA

GHSA-cgj3-cvg6-pcvh: An authentication bypass vulnerability exists in libcurl v8↗2023-03-30

▶

📋Vendor Advisories

Ubuntu

curl vulnerabilities↗2023-03-20

▶

Red Hat

curl: SSH connection too eager reuse still↗2023-03-20

▶

Microsoft

▶

Debian

CVE-2023-27538: curl - An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where i...↗2023

▶

💬Community

HackerOne

CVE-2023-27538: SSH connection too eager reuse still↗2023-04-19

▶

HackerOne

CVE-2023-27538: SSH connection too eager reuse still↗2023-03-22

▶