Main Vulnerability Database Vulnerabilities #VU73827

#VU73827 Input validation error in cURL - CVE-2023-27534

Published: March 20, 2023

Vulnerability identifier: #VU73827

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-27534

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the SFTP support when handling the tilde "~" character in the filepath. cURL will replace the tilde character to the current user's home directory and can reveal otherwise restricted files.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2023-27534.html

#VU73827 Input validation error in cURL - CVE-2023-27534

Description

Remediation

External links

Please verify you're human