CVE-2023-27534
30.03.2023, 20:15
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 7.18.0 ≤ 𝑥 ≤ 7.88.1 |
| netapp | active_iq_unified_manager | - |
| broadcom | brocade_fabric_operating_system_firmware | - |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h410s_firmware | - |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| curl |
| ||||||||||||||||||||||||||||||||||
| libcurl-devel |
| ||||||||||||||||||||||||||||||||||
| libcurl4 |
| ||||||||||||||||||||||||||||||||||
| libcurl4-32bit |
| ||||||||||||||||||||||||||||||||||
| libnghttp2-14 |
| ||||||||||||||||||||||||||||||||||
| libnghttp2-14-32bit |
| ||||||||||||||||||||||||||||||||||
| libnghttp2-devel |
|
Red Hat Enterprise Linux Releases
References