CVE-2023-27534

moderate-risk

Published 2023-03-30

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (10)

Curl

Fedora

Active Iq Unified Manager

Brocade Fabric Operating System Firmware

H300S Firmware

H500S Firmware

H700S Firmware

H410S Firmware

Universal Forwarder

Affected Vendors

Broadcom Haxx Fedoraproject Netapp Splunk

References (10)

Exploit https://hackerone.com/reports/1892351

Mailing List https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/202310-12

Third Party Advisory https://security.netapp.com/advisory/ntap-20230420-0012/

Exploit https://hackerone.com/reports/1892351

Mailing List https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/202310-12

Third Party Advisory https://security.netapp.com/advisory/ntap-20230420-0012/

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 0/34 · Minimal

Exposure 16/34 · Moderate