CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27534

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.1%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2023-27534

Haxx » Curl » Version: 7.18.0

cpe:2.3:a:haxx:curl:7.18.0
Haxx » Curl » Version: 7.18.1

cpe:2.3:a:haxx:curl:7.18.1
Haxx » Curl » Version: 7.18.2

cpe:2.3:a:haxx:curl:7.18.2
Haxx » Curl » Version: 7.19.0

cpe:2.3:a:haxx:curl:7.19.0
Haxx » Curl » Version: 7.19.1

cpe:2.3:a:haxx:curl:7.19.1
Haxx » Curl » Version: 7.19.2

cpe:2.3:a:haxx:curl:7.19.2
Haxx » Curl » Version: 7.19.3

cpe:2.3:a:haxx:curl:7.19.3
Haxx » Curl » Version: 7.19.4

cpe:2.3:a:haxx:curl:7.19.4
Haxx » Curl » Version: 7.19.5

cpe:2.3:a:haxx:curl:7.19.5
Haxx » Curl » Version: 7.19.6

cpe:2.3:a:haxx:curl:7.19.6
Haxx » Curl » Version: 7.19.7

cpe:2.3:a:haxx:curl:7.19.7
Haxx » Curl » Version: 7.19.7-53

cpe:2.3:a:haxx:curl:7.19.7-53
Haxx » Curl » Version: 7.20.0

cpe:2.3:a:haxx:curl:7.20.0
Haxx » Curl » Version: 7.20.1

cpe:2.3:a:haxx:curl:7.20.1
Haxx » Curl » Version: 7.21.0

cpe:2.3:a:haxx:curl:7.21.0
Haxx » Curl » Version: 7.21.1

cpe:2.3:a:haxx:curl:7.21.1
Haxx » Curl » Version: 7.21.2

cpe:2.3:a:haxx:curl:7.21.2
Haxx » Curl » Version: 7.21.3

cpe:2.3:a:haxx:curl:7.21.3
Haxx » Curl » Version: 7.21.4

cpe:2.3:a:haxx:curl:7.21.4
Haxx » Curl » Version: 7.21.5

cpe:2.3:a:haxx:curl:7.21.5
Haxx » Curl » Version: 7.21.6

cpe:2.3:a:haxx:curl:7.21.6
Haxx » Curl » Version: 7.21.7

cpe:2.3:a:haxx:curl:7.21.7
Haxx » Curl » Version: 7.22.0

cpe:2.3:a:haxx:curl:7.22.0
Haxx » Curl » Version: 7.23.0

cpe:2.3:a:haxx:curl:7.23.0
Haxx » Curl » Version: 7.23.1

cpe:2.3:a:haxx:curl:7.23.1
Haxx » Curl » Version: 7.24.0

cpe:2.3:a:haxx:curl:7.24.0
Haxx » Curl » Version: 7.25.0

cpe:2.3:a:haxx:curl:7.25.0
Haxx » Curl » Version: 7.26.0

cpe:2.3:a:haxx:curl:7.26.0
Haxx » Curl » Version: 7.27.0

cpe:2.3:a:haxx:curl:7.27.0
Haxx » Curl » Version: 7.28.0

cpe:2.3:a:haxx:curl:7.28.0
Haxx » Curl » Version: 7.28.1

cpe:2.3:a:haxx:curl:7.28.1
Haxx » Curl » Version: 7.29.0

cpe:2.3:a:haxx:curl:7.29.0
Haxx » Curl » Version: 7.30.0

cpe:2.3:a:haxx:curl:7.30.0
Haxx » Curl » Version: 7.31.0

cpe:2.3:a:haxx:curl:7.31.0
Haxx » Curl » Version: 7.32.0

cpe:2.3:a:haxx:curl:7.32.0
Haxx » Curl » Version: 7.33.0

cpe:2.3:a:haxx:curl:7.33.0
Haxx » Curl » Version: 7.34.0

cpe:2.3:a:haxx:curl:7.34.0
Haxx » Curl » Version: 7.35.0

cpe:2.3:a:haxx:curl:7.35.0
Haxx » Curl » Version: 7.36.0

cpe:2.3:a:haxx:curl:7.36.0
Haxx » Curl » Version: 7.37.0

cpe:2.3:a:haxx:curl:7.37.0
Haxx » Curl » Version: 7.37.1

cpe:2.3:a:haxx:curl:7.37.1
Haxx » Curl » Version: 7.38.0

cpe:2.3:a:haxx:curl:7.38.0
Haxx » Curl » Version: 7.39.0

cpe:2.3:a:haxx:curl:7.39.0
Haxx » Curl » Version: 7.40.0

cpe:2.3:a:haxx:curl:7.40.0
Haxx » Curl » Version: 7.41.0

cpe:2.3:a:haxx:curl:7.41.0
Haxx » Curl » Version: 7.42.0

cpe:2.3:a:haxx:curl:7.42.0
Haxx » Curl » Version: 7.42.1

cpe:2.3:a:haxx:curl:7.42.1
Haxx » Curl » Version: 7.43.0

cpe:2.3:a:haxx:curl:7.43.0
Haxx » Curl » Version: 7.44.0

cpe:2.3:a:haxx:curl:7.44.0
Haxx » Curl » Version: 7.45.0

cpe:2.3:a:haxx:curl:7.45.0
Haxx » Curl » Version: 7.46.0

cpe:2.3:a:haxx:curl:7.46.0
Haxx » Curl » Version: 7.47.0

cpe:2.3:a:haxx:curl:7.47.0
Haxx » Curl » Version: 7.47.1

cpe:2.3:a:haxx:curl:7.47.1
Haxx » Curl » Version: 7.48.0

cpe:2.3:a:haxx:curl:7.48.0
Haxx » Curl » Version: 7.49.0

cpe:2.3:a:haxx:curl:7.49.0
Haxx » Curl » Version: 7.49.1

cpe:2.3:a:haxx:curl:7.49.1
Haxx » Curl » Version: 7.50.0

cpe:2.3:a:haxx:curl:7.50.0
Haxx » Curl » Version: 7.50.1

cpe:2.3:a:haxx:curl:7.50.1
Haxx » Curl » Version: 7.50.2

cpe:2.3:a:haxx:curl:7.50.2
Haxx » Curl » Version: 7.50.3

cpe:2.3:a:haxx:curl:7.50.3
Haxx » Curl » Version: 7.51.0

cpe:2.3:a:haxx:curl:7.51.0
Haxx » Curl » Version: 7.52.0

cpe:2.3:a:haxx:curl:7.52.0
Haxx » Curl » Version: 7.52.1

cpe:2.3:a:haxx:curl:7.52.1
Haxx » Curl » Version: 7.53.0

cpe:2.3:a:haxx:curl:7.53.0
Haxx » Curl » Version: 7.53.1

cpe:2.3:a:haxx:curl:7.53.1
Haxx » Curl » Version: 7.54.0

cpe:2.3:a:haxx:curl:7.54.0
Haxx » Curl » Version: 7.54.1

cpe:2.3:a:haxx:curl:7.54.1
Haxx » Curl » Version: 7.55.0

cpe:2.3:a:haxx:curl:7.55.0
Haxx » Curl » Version: 7.55.1

cpe:2.3:a:haxx:curl:7.55.1
Haxx » Curl » Version: 7.56.0

cpe:2.3:a:haxx:curl:7.56.0
Haxx » Curl » Version: 7.56.1

cpe:2.3:a:haxx:curl:7.56.1
Haxx » Curl » Version: 7.57.0

cpe:2.3:a:haxx:curl:7.57.0
Haxx » Curl » Version: 7.58.0

cpe:2.3:a:haxx:curl:7.58.0
Haxx » Curl » Version: 7.59.0

cpe:2.3:a:haxx:curl:7.59.0
Haxx » Curl » Version: 7.60.0

cpe:2.3:a:haxx:curl:7.60.0
Haxx » Curl » Version: 7.61.0

cpe:2.3:a:haxx:curl:7.61.0
Haxx » Curl » Version: 7.61.1

cpe:2.3:a:haxx:curl:7.61.1
Haxx » Curl » Version: 7.62.0

cpe:2.3:a:haxx:curl:7.62.0
Haxx » Curl » Version: 7.63.0

cpe:2.3:a:haxx:curl:7.63.0
Haxx » Curl » Version: 7.64.0

cpe:2.3:a:haxx:curl:7.64.0
Haxx » Curl » Version: 7.64.1

cpe:2.3:a:haxx:curl:7.64.1
Haxx » Curl » Version: 7.65.0

cpe:2.3:a:haxx:curl:7.65.0
Haxx » Curl » Version: 7.65.1

cpe:2.3:a:haxx:curl:7.65.1
Haxx » Curl » Version: 7.65.2

cpe:2.3:a:haxx:curl:7.65.2
Haxx » Curl » Version: 7.65.3

cpe:2.3:a:haxx:curl:7.65.3
Haxx » Curl » Version: 7.66.0

cpe:2.3:a:haxx:curl:7.66.0
Haxx » Curl » Version: 7.67.0

cpe:2.3:a:haxx:curl:7.67.0
Haxx » Curl » Version: 7.68.0

cpe:2.3:a:haxx:curl:7.68.0
Haxx » Curl » Version: 7.69.0

cpe:2.3:a:haxx:curl:7.69.0
Haxx » Curl » Version: 7.69.1

cpe:2.3:a:haxx:curl:7.69.1
Haxx » Curl » Version: 7.70.0

cpe:2.3:a:haxx:curl:7.70.0
Haxx » Curl » Version: 7.71.0

cpe:2.3:a:haxx:curl:7.71.0
Haxx » Curl » Version: 7.71.1

cpe:2.3:a:haxx:curl:7.71.1
Haxx » Curl » Version: 7.72.0

cpe:2.3:a:haxx:curl:7.72.0
Haxx » Curl » Version: 7.73.0

cpe:2.3:a:haxx:curl:7.73.0
Haxx » Curl » Version: 7.74.0

cpe:2.3:a:haxx:curl:7.74.0
Haxx » Curl » Version: 7.75.0

cpe:2.3:a:haxx:curl:7.75.0
Haxx » Curl » Version: 7.76.0

cpe:2.3:a:haxx:curl:7.76.0
Haxx » Curl » Version: 7.76.1

cpe:2.3:a:haxx:curl:7.76.1
Haxx » Curl » Version: 7.77.0

cpe:2.3:a:haxx:curl:7.77.0
Haxx » Curl » Version: 7.78.0

cpe:2.3:a:haxx:curl:7.78.0
Haxx » Curl » Version: 7.79.0

cpe:2.3:a:haxx:curl:7.79.0
Haxx » Curl » Version: 7.79.1

cpe:2.3:a:haxx:curl:7.79.1
Haxx » Curl » Version: 7.80.0

cpe:2.3:a:haxx:curl:7.80.0
Haxx » Curl » Version: 7.81.0

cpe:2.3:a:haxx:curl:7.81.0
Haxx » Curl » Version: 7.82.0

cpe:2.3:a:haxx:curl:7.82.0
Haxx » Curl » Version: 7.83.0

cpe:2.3:a:haxx:curl:7.83.0
Haxx » Curl » Version: 7.83.1

cpe:2.3:a:haxx:curl:7.83.1
Haxx » Curl » Version: 7.84.0

cpe:2.3:a:haxx:curl:7.84.0
Haxx » Curl » Version: 7.85.0

cpe:2.3:a:haxx:curl:7.85.0
Haxx » Curl » Version: 7.86.0

cpe:2.3:a:haxx:curl:7.86.0
Haxx » Curl » Version: 7.87.0

cpe:2.3:a:haxx:curl:7.87.0
Haxx » Curl » Version: 7.88.0

cpe:2.3:a:haxx:curl:7.88.0
Haxx » Curl » Version: 7.88.1

cpe:2.3:a:haxx:curl:7.88.1
Netapp » Active Iq Unified Manager » Version: N/A

cpe:2.3:a:netapp:active_iq_unified_manager:-
Splunk » Universal Forwarder » Version: 8.2.0

cpe:2.3:a:splunk:universal_forwarder:8.2.0
Splunk » Universal Forwarder » Version: 8.2.10

cpe:2.3:a:splunk:universal_forwarder:8.2.10
Splunk » Universal Forwarder » Version: 8.2.11

cpe:2.3:a:splunk:universal_forwarder:8.2.11
Splunk » Universal Forwarder » Version: 8.2.6

cpe:2.3:a:splunk:universal_forwarder:8.2.6
Splunk » Universal Forwarder » Version: 8.2.7

cpe:2.3:a:splunk:universal_forwarder:8.2.7
Splunk » Universal Forwarder » Version: 8.2.8

cpe:2.3:a:splunk:universal_forwarder:8.2.8
Splunk » Universal Forwarder » Version: 8.2.9

cpe:2.3:a:splunk:universal_forwarder:8.2.9
Splunk » Universal Forwarder » Version: 9.0.0

cpe:2.3:a:splunk:universal_forwarder:9.0.0
Splunk » Universal Forwarder » Version: 9.0.1

cpe:2.3:a:splunk:universal_forwarder:9.0.1
Splunk » Universal Forwarder » Version: 9.0.2

cpe:2.3:a:splunk:universal_forwarder:9.0.2
Splunk » Universal Forwarder » Version: 9.0.3

cpe:2.3:a:splunk:universal_forwarder:9.0.3
Splunk » Universal Forwarder » Version: 9.0.4

cpe:2.3:a:splunk:universal_forwarder:9.0.4
Splunk » Universal Forwarder » Version: 9.0.5

cpe:2.3:a:splunk:universal_forwarder:9.0.5
Splunk » Universal Forwarder » Version: 9.1.0

cpe:2.3:a:splunk:universal_forwarder:9.1.0
Netapp » H300s » Version: N/A

cpe:2.3:h:netapp:h300s:-
Netapp » H410s » Version: N/A

cpe:2.3:h:netapp:h410s:-
Netapp » H500s » Version: N/A

cpe:2.3:h:netapp:h500s:-
Netapp » H700s » Version: N/A

cpe:2.3:h:netapp:h700s:-
Broadcom » Brocade Fabric Operating System Firmware » Version: N/A

cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-
Fedoraproject » Fedora » Version: 36

cpe:2.3:o:fedoraproject:fedora:36
Netapp » H300s Firmware » Version: N/A

cpe:2.3:o:netapp:h300s_firmware:-
Netapp » H410s Firmware » Version: N/A

cpe:2.3:o:netapp:h410s_firmware:-
Netapp » H500s Firmware » Version: N/A

cpe:2.3:o:netapp:h500s_firmware:-
Netapp » H700s Firmware » Version: N/A

cpe:2.3:o:netapp:h700s_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27534

Products

Pricing

Contact Us