CVE-2023-27538
First published: Thu Mar 16 2023(Updated: )
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Engineering Requirements Management DOORS Web Access | <=9.7.2.7 | |
| IBM Rational DOORS Web Access | <=9.7.2.7 | |
| redhat/curl | <8.0.0 | 8.0.0 |
| libcurl | >=7.16.1<8.0.0 | |
| Red Hat Fedora | =36 | |
| Debian Linux | =10.0 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| IBM Data ONTAP | =9.0 | |
| Brocade Fabric Operating System | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 | |
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H410S | ||
| NetApp H410S Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://hackerone.com/reports/1898475
- https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
- https://security.gentoo.org/glsa/202310-12
- https://security.netapp.com/advisory/ntap-20230420-0010/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2180435
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2180437
- https://access.redhat.com/errata/RHSA-2023:6679
- https://bugzilla.redhat.com/show_bug.cgi?id=2179103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/250533
- https://www.ibm.com/support/pages/node/7124058 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-27538?
The severity of CVE-2023-27538 is medium with a CVSSv3 score of 5.5.
What is CVE-2023-27538?
CVE-2023-27538 is an authentication bypass vulnerability in libcurl prior to v8.0.0 that allows the reuse of a previously established SSH connection despite a modified SSH option.
How does CVE-2023-27538 affect Haxx Libcurl?
Haxx Libcurl versions between 7.16.1 and 7.88.1 are affected by the CVE-2023-27538 vulnerability.
How does CVE-2023-27538 affect Fedora 36?
CVE-2023-27538 affects Fedora 36.
Is there a fix for CVE-2023-27538?
Yes, upgrading to libcurl version 8.0.0 or newer fixes the CVE-2023-27538 vulnerability.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-27538
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/ibm
- canonical/ibm engineering requirements management doors web access
- version/ibm engineering requirements management doors web access/9.7.2.7
- canonical/ibm rational doors web access
- version/ibm rational doors web access/9.7.2.7
- package-manager/redhat
- vendor/haxx
- canonical/libcurl
- version/libcurl/7.16.1
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/36
- vendor/debian
- canonical/debian linux
- version/debian linux/10.0
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/ibm data ontap
- version/ibm data ontap/9.0
- vendor/broadcom
- canonical/brocade fabric operating system
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h410s
- canonical/netapp h410s firmware
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0