Lucene search
Veracode Vulnerability DatabaseVERACODE:39876HistoryMar 21, 2023 - 12:28 a.m.
Authentication Bypass
2023-03-2100:28:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
authentication bypass
curl
ssh
connection pool
0.0004 Low
EPSS
Percentile
15.9%
curl is vulnerable to Authentication Bypass. The vulnerability exists because the SSH connection is too eager to reuse still since it keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup
References
curl.se/docs/CVE-2023-27538.html
github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb
github.com/curl/curl/pull/10735
hackerone.com/reports/1898475
lists.debian.org/debian-lts-announce/2023/04/msg00025.html
lists.fedoraproject.org/archives/list/[email protected]/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202310-12
security.netapp.com/advisory/ntap-20230420-0010/
Related
debiancve
debiancve
CVE-2023-27538
2023-03-30 20:15:07
osv
osv
CVE-2023-27538
2023-03-30 20:15:07
SSH connection too eager reuse still
2023-03-20 08:00:00
curl - security update
2023-04-21 00:00:00
cve
cve
CVE-2023-27538
2023-03-30 20:15:07
nvd
nvd
CVE-2023-27538
2023-03-30 20:15:07
hackerone
hackerone
Internet Bug Bounty: CVE-2023-27538: SSH connection too eager reuse still
2023-03-20 07:44:24
curl: CVE-2023-27538: SSH connection too eager reuse still
2023-03-09 18:09:38
cvelist
cvelist
CVE-2023-27538
2023-03-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-27538 affecting package curl for versions less than 8.0.1-1
2023-04-16 00:48:11
CVE-2023-27538 affecting package cmake for versions less than 3.28.2-1
2024-03-19 17:21:46
CVE-2023-27538 affecting package rust for versions less than 1.72.0-2
2023-10-11 01:41:59
ibm
ibm
nessus
nessus
CBL Mariner 2.0 Security Update: curl (CVE-2023-27538)
2023-04-20 00:00:00
EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2308)
2023-07-09 00:00:00
EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2023-2523)
2023-07-31 00:00:00
alpinelinux
alpinelinux
CVE-2023-27538
2023-03-30 20:15:07
prion
prion
Authentication flaw
2023-03-30 20:15:00
redhatcve
redhatcve
CVE-2023-27538
2023-03-21 13:14:10
ubuntucve
ubuntucve
CVE-2023-27538
2023-03-20 00:00:00
redhat
redhat
(RHSA-2023:6679) Moderate: curl security update
2023-11-07 06:11:52
debian
debian
[SECURITY] [DLA 3398-1] curl security update
2023-04-21 20:04:44
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2328)
2023-07-10 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2308)
2023-07-10 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2510)
2023-08-01 00:00:00
almalinux
almalinux
Moderate: curl security update
2023-11-07 00:00:00
oraclelinux
oraclelinux
curl security update
2023-11-11 00:00:00
redos
redos
ROS-20230407-01
2023-04-07 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2023-03-20 00:00:00
cloudfoundry
cloudfoundry
USN-5964-1: curl vulnerabilities | Cloud Foundry
2023-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: curl-7.87.0-7.fc38
2023-03-29 00:19:18
[SECURITY] Fedora 36 Update: curl-7.82.0-14.fc36
2023-04-09 01:41:25
[SECURITY] Fedora 37 Update: curl-7.85.0-8.fc37
2023-03-27 02:01:30
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0371
2023-04-06 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0589
2023-05-31 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
freebsd
freebsd
curl -- multiple vulnerabilities
2023-03-20 00:00:00
slackware
slackware
[slackware-security] curl
2023-03-20 19:35:43
amazon
amazon
Medium: curl
2023-06-05 16:39:00
ics
ics
Siemens SINEC INS
2023-12-14 12:00:00
Siemens SINEC NMS
2024-02-15 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2023-09-25 01:16:18
aix
aix
Multiple vulnerabilities cURL libcurl affect AIX
2023-06-29 09:35:59
gentoo
gentoo
curl: Multiple Vulnerabilities
2023-10-11 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47