CVE-2023-27534

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

Published: Mar 30, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-27534
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
haxx / curl	7.18.0	7.88.1.x
fedoraproject / fedora	36	36.x
splunk / universal_forwarder	9.1.0	9.1.0.x
splunk / universal_forwarder	9.0.0	9.0.6
splunk / universal_forwarder	8.2.0	8.2.12

https://hackerone.com/reports/1892351
https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
https://security.gentoo.org/glsa/202310-12
https://security.netapp.com/advisory/ntap-20230420-0012/

Vulnerability Database

289,599

CVE-2023-27534