CVE-2023-27538

MEDIUM

Haxx Libcurl < 8.0.0 - Authentication Bypass

Title source: rule

Description

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

References (4)

[Exploit, Third Party Advisory] https://hackerone.com/reports/1898475

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20230420-0010/

[Mailing List] https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

[Third Party Advisory] https://security.gentoo.org/glsa/202310-12

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-305 CWE-287

Status published

Products (12)

broadcom/brocade_fabric_operating_system_firmware

debian/debian_linux 10.0

fedoraproject/fedora 36

haxx/libcurl 7.16.1 - 8.0.0

netapp/active_iq_unified_manager

netapp/clustered_data_ontap 9.0

netapp/h300s_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

... and 2 more

Published Mar 30, 2023

Tracked Since Feb 18, 2026