CVE-2023-27538

Published: 3/30/2023 Last updated: 6/9/2025 Reserved: 3/2/2023

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

CNA assigner: hackerone (36234546-b8fa-4601-9d6f-f4e334aa8ea1) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.7	High	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Opam packages affected (3)

conf-libcurl conf-mingw-w64-curl-i686 conf-mingw-w64-curl-x86_64

Products affected (1)

Product	Vendor	Version
https://github.com/curl/curl	n/a	n/a

References (8)

https://hackerone.com/reports/1898475
https://security.netapp.com/advisory/ntap-20230420-0010/
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
https://security.gentoo.org/glsa/202310-12
https://hackerone.com/reports/1898475
https://security.netapp.com/advisory/ntap-20230420-0010/
https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
https://security.gentoo.org/glsa/202310-12