CVE-2023-27534

HIGH8.8

A path traversal vulnerability exists in curl <8

Published Mar 30, 2023

Modified 8 months ago

No fix available

Details

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

References

WEBhttps://hackerone.com/reports/1892351 WEBhttps://lists.debian.org/debian-lts-announce/2024/03/msg00016.html ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/ADVISORYhttps://security.gentoo.org/glsa/202310-12 WEBhttps://security.netapp.com/advisory/ntap-20230420-0012/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-27534

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.8/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Input Validation

CWE-22

Path Traversal

Ecosystems

Timeline

PublishedMar 30, 2023

ModifiedApr 23, 2025