CVE-2023-27538
First published: Thu Mar 16 2023(Updated: )
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/curl | <8.0.0 | 8.0.0 |
| IBM IBM® Engineering Requirements Management DOORS | <=9.7.2.7 | |
| IBM IBM® Engineering Requirements Management DOORS Web Access | <=9.7.2.7 | |
| Haxx Libcurl | >=7.16.1<8.0.0 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =10.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| NetApp Clustered Data ONTAP | =9.0 | |
| Broadcom Brocade Fabric Operating System Firmware | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 | |
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://hackerone.com/reports/1898475
- https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
- https://security.gentoo.org/glsa/202310-12
- https://security.netapp.com/advisory/ntap-20230420-0010/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2180435
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2180437
- https://access.redhat.com/errata/RHSA-2023:6679
- https://bugzilla.redhat.com/show_bug.cgi?id=2179103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/250533
- https://www.ibm.com/support/pages/node/7124058 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-27538?
The severity of CVE-2023-27538 is medium with a CVSSv3 score of 5.5.
What is CVE-2023-27538?
CVE-2023-27538 is an authentication bypass vulnerability in libcurl prior to v8.0.0 that allows the reuse of a previously established SSH connection despite a modified SSH option.
How does CVE-2023-27538 affect Haxx Libcurl?
Haxx Libcurl versions between 7.16.1 and 7.88.1 are affected by the CVE-2023-27538 vulnerability.
How does CVE-2023-27538 affect Fedora 36?
CVE-2023-27538 affects Fedora 36.
Is there a fix for CVE-2023-27538?
Yes, upgrading to libcurl version 8.0.0 or newer fixes the CVE-2023-27538 vulnerability.
- agent/weakness
- agent/author
- agent/type
- agent/first-publish-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-27538
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- collector/nvd-index
- package-manager/redhat
- vendor/ibm
- canonical/ibm ibm® engineering requirements management doors
- version/ibm ibm® engineering requirements management doors/9.7.2.7
- canonical/ibm ibm® engineering requirements management doors web access
- version/ibm ibm® engineering requirements management doors web access/9.7.2.7
- vendor/haxx
- canonical/haxx libcurl
- version/haxx libcurl/7.16.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp clustered data ontap
- version/netapp clustered data ontap/9.0
- vendor/broadcom
- canonical/broadcom brocade fabric operating system firmware
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0