Main Vulnerability Database Vulnerabilities #VU73826

#VU73826 Input validation error in cURL - CVE-2023-27533

Published: March 20, 2023

Vulnerability identifier: #VU73826

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-27533

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to manipulate requests.

The vulnerability exists due to missing documentation of the TELNET protocol support and the ability to pass on user name and "telnet options" for the server negotiation. A remote attacker can manipulate the connection sending unexpected data to the server via the affected client.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2023-27533.html

#VU73826 Input validation error in cURL - CVE-2023-27533

Description

Remediation

External links

Please verify you're human