Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27533

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

Published

2023-03-30T20:15:07.373

Last Modified

2024-11-21T07:53:06.787

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-75
Type: Primary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	haxx	curl	≤ 7.881	Yes
Operating System	fedoraproject	fedora	36	Yes
Application	netapp	active_iq_unified_manager	-	Yes
Application	netapp	clustered_data_ontap	9.0	Yes
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Application	splunk	universal_forwarder	< 8.2.12	Yes
Application	splunk	universal_forwarder	< 9.0.6	Yes
Application	splunk	universal_forwarder	9.1.0	Yes

References

https://hackerone.com/reports/1891474 Exploit, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html Mailing List ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/ Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202310-12 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20230420-0011/ Third Party Advisory ([email protected])
https://hackerone.com/reports/1891474 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202310-12 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230420-0011/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)