Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-27533

UNKNOWN
Published 2023-03-30T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-27533. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-xvw3-6q4f-2gcv

Advisory Details

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-27533
WEB https://hackerone.com/reports/1891474
WEB https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW
WEB https://security.gentoo.org/glsa/202310-12
WEB https://security.netapp.com/advisory/ntap-20230420-0011

Advisory provided by GitHub Security Advisory Database. Published: March 30, 2023, Modified: March 27, 2024

References

https://hackerone.com/reports/1891474
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
https://security.netapp.com/advisory/ntap-20230420-0011/
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
https://security.gentoo.org/glsa/202310-12
Published: 2023-03-30T00:00:00
Last Modified: 2024-08-02T12:16:35.624Z
Copied to clipboard!