CVE-2023-27534 — HIGH (8.8)

Q: How severe is CVE-2023-27534?

CVE-2023-27534 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-27534?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Broadcom Brocade Fabric Operating System Firmware, Netapp H300S Firmware.

Vulnerability Description

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Haxx	Curl	>= 7.18.0, <= 7.88.1
Fedoraproject	Fedora	36
Netapp	Active Iq Unified Manager	-
Broadcom	Brocade Fabric Operating System Firmware	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Splunk	Universal Forwarder	>= 8.2.0, < 8.2.12

Related Weaknesses (CWE)

CWE-22

References

https://hackerone.com/reports/1892351ExploitThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/03/msg00016.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202310-12Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0012/Third Party Advisory
https://hackerone.com/reports/1892351ExploitThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/03/msg00016.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202310-12Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0012/Third Party Advisory

FAQ

What is CVE-2023-27534?

CVE-2023-27534 is a vulnerability with a CVSS score of 8.8 (HIGH). A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its inten...

How severe is CVE-2023-27534?

CVE-2023-27534 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-27534?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Broadcom Brocade Fabric Operating System Firmware, Netapp H300S Firmware.