What is CVE-2023-27533?

CVE-2023-27533 is a vulnerability in Https://github.com/curl/curl, classified under CWE-75. Published 2023-03-30.

Is CVE-2023-27533 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Https://github.com/curl/curl

CVE-2023-27533

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input…

EPSS: 0.002 (39.3th percentile) — read the EPSS interpretation.

Affected products

N/a Https://github.com/curl/curl — versions Fixed in 8.0.0

Weakness classification (CWE)

CWE-75

Public proof-of-concept exploits

References

hackerone.com/reports/1891474
FEDORA-2023-7e7414e64d (vendor-advisory)
security.netapp.com/advisory/ntap-20230420-0011/
[debian-lts-announce] 20230421 [SECURITY] [DLA 3398-1] curl security update (mailing-list)
GLSA-202310-12 (vendor-advisory)

Frequently asked questions

What is CVE-2023-27533?: CVE-2023-27533 is a vulnerability in Https://github.com/curl/curl, classified under CWE-75. Published 2023-03-30.
Is CVE-2023-27533 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.