CVE-2023-27535

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-27535
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27535.json
Published
2023-03-30T20:15:07Z
Modified
2024-03-27T18:04:55.818849Z
Details

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

Affected packages

Alpine:v3.14 / curl

Package

Name
curl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
8.0.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.79.0-r0
7.79.1-r0
7.79.1-r1
7.79.1-r2
7.79.1-r3
7.79.1-r4
7.79.1-r5

Alpine:v3.15 / curl

Package

Name
curl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
8.0.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.80.0-r1
7.80.0-r2
7.80.0-r3
7.80.0-r4
7.80.0-r5
7.80.0-r6

Alpine:v3.16 / curl

Package

Name
curl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
8.0.1-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.83.1-r2
7.83.1-r3
7.83.1-r4
7.83.1-r5
7.83.1-r6

Alpine:v3.17 / curl

Package

Name
curl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
7.88.1-r1

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.88.1-r0

Alpine:v3.18 / curl

Package

Name
curl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
8.0.0-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.87.0-r3
7.88.0-r0
7.88.0-r1
7.88.1-r0
7.88.1-r1

Alpine:v3.19 / curl

Package

Name
curl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
8.0.0-r0

Affected versions

7.*

7.19.2-r0
7.19.2-r1
7.19.4-r0
7.19.5-r0
7.19.6-r0
7.19.7-r0
7.19.7-r1
7.20.1-r0
7.20.1-r1
7.21.0-r0
7.21.1-r0
7.21.2-r0
7.21.3-r0
7.21.3-r1
7.21.4-r0
7.21.4-r1
7.21.5-r0
7.21.5-r1
7.21.6-r0
7.21.7-r0
7.21.7-r1
7.21.7-r2
7.22.0-r0
7.23.1-r0
7.24.0-r0
7.25.0-r0
7.26.0-r0
7.27.0-r0
7.27.0-r1
7.28.0-r0
7.28.1-r0
7.29.0-r0
7.30.0-r0
7.31.0-r0
7.32.0-r0
7.33.0-r0
7.33.0-r1
7.34.0-r0
7.34.0-r1
7.35.0-r0
7.36.0-r0
7.37.0-r0
7.37.1-r0
7.38.0-r0
7.39.0-r0
7.40.0-r0
7.41.0-r0
7.42.0-r0
7.42.1-r0
7.42.1-r1
7.43.0-r0
7.44.0-r0
7.45.0-r0
7.45.0-r1
7.46.0-r0
7.46.0-r1
7.46.0-r2
7.47.0-r0
7.47.1-r0
7.48.0-r0
7.49.0-r0
7.49.1-r0
7.50.0-r0
7.50.1-r0
7.50.2-r0
7.50.3-r0
7.50.3-r1
7.51.0-r0
7.51.0-r1
7.52.0-r0
7.52.1-r0
7.52.1-r1
7.53.0-r0
7.53.1-r0
7.53.1-r1
7.53.1-r2
7.53.1-r3
7.54.0-r0
7.54.1-r0
7.55.0-r0
7.55.1-r0
7.56.0-r0
7.56.1-r0
7.56.1-r1
7.57.0-r0
7.58.0-r0
7.58.0-r1
7.58.0-r2
7.59.0-r0
7.59.0-r1
7.60.0-r0
7.60.0-r1
7.61.0-r0
7.61.1-r0
7.62.0-r0
7.62.0-r1
7.62.0-r2
7.63.0-r0
7.64.0-r0
7.64.0-r1
7.64.1-r0
7.64.1-r1
7.64.1-r2
7.64.1-r3
7.65.0-r0
7.65.1-r0
7.65.3-r0
7.66.0-r0
7.67.0-r0
7.68.0-r0
7.69.0-r0
7.69.0-r1
7.69.1-r0
7.70.0-r0
7.70.0-r1
7.70.0-r2
7.71.0-r0
7.71.0-r1
7.71.1-r0
7.72.0-r0
7.73.0-r0
7.74.0-r0
7.75.0-r0
7.76.0-r0
7.76.1-r0
7.77.0-r0
7.77.0-r1
7.78.0-r0
7.78.0-r1
7.78.0-r2
7.79.0-r0
7.79.1-r0
7.80.0-r0
7.81.0-r0
7.81.0-r1
7.82.0-r0
7.82.0-r1
7.83.0-r0
7.83.1-r0
7.83.1-r1
7.84.0-r0
7.84.0-r1
7.84.0-r2
7.85.0-r0
7.86.0-r0
7.86.0-r1
7.87.0-r0
7.87.0-r1
7.87.0-r2
7.87.0-r3
7.88.0-r0
7.88.0-r1
7.88.1-r0
7.88.1-r1

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events

Affected versions

Other

before_ftp_statemachine
c-ares-1_3_0
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_2
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_0-preldapfix
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_1
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0
curl-7_20_1
curl-7_21_0
curl-7_21_1
curl-7_21_2
curl-7_21_3
curl-7_21_4
curl-7_21_5
curl-7_21_6
curl-7_21_7
curl-7_22_0
curl-7_23_0
curl-7_23_1
curl-7_24_0
curl-7_25_0
curl-7_26_0
curl-7_27_0
curl-7_28_0
curl-7_28_1
curl-7_29_0
curl-7_30_0
curl-7_31_0
curl-7_32_0
curl-7_33_0
curl-7_34_0
curl-7_35_0
curl-7_36_0
curl-7_37_0
curl-7_37_1
curl-7_38_0
curl-7_39_0
curl-7_40_0
curl-7_41_0
curl-7_42_0
curl-7_43_0
curl-7_44_0
curl-7_45_0
curl-7_46_0
curl-7_47_0
curl-7_47_1
curl-7_48_0
curl-7_49_0
curl-7_49_1
curl-7_50_0
curl-7_50_1
curl-7_50_2
curl-7_50_3
curl-7_51_0
curl-7_52_0
curl-7_52_1
curl-7_53_0
curl-7_53_1
curl-7_54_0
curl-7_54_1
curl-7_55_0
curl-7_55_1
curl-7_56_0
curl-7_56_1
curl-7_57_0
curl-7_58_0
curl-7_59_0
curl-7_60_0
curl-7_61_0
curl-7_61_1
curl-7_62_0
curl-7_63_0
curl-7_64_0
curl-7_64_1
curl-7_65_0
curl-7_65_1
curl-7_65_2
curl-7_65_3
curl-7_66_0
curl-7_67_0
curl-7_68_0
curl-7_69_0
curl-7_69_1
curl-7_70_0
curl-7_71_0
curl-7_71_1
curl-7_72_0
curl-7_73_0
curl-7_74_0
curl-7_75_0
curl-7_76_0
curl-7_76_1
curl-7_77_0
curl-7_78_0
curl-7_79_0
curl-7_79_1
curl-7_80_0
curl-7_81_0
curl-7_82_0
curl-7_83_0
curl-7_83_1
curl-7_84_0
curl-7_85_0
curl-7_86_0
curl-7_87_0
curl-7_88_0
curl-7_88_1