#VU73828 State Issues in cURL


Vulnerability identifier: #VU73828

Vulnerability risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27535

CWE-ID: CWE-371

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote attacker to gain unauthorized access to FTP server.

The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.

The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cURL: 7.13.0 - 7.88.1

External links
http://curl.haxx.se/docs/CVE-2023-27535.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell ObjectScale
Multiple vulnerabilities in Dell Data Lakehouse System Software
Multiple vulnerabilities in Dell ThinOS
Multiple vulnerabilities in IBM Security Verify Governance - Identity Manager
Multiple vulnerabilities in Red Hat OpenShift GitOps
Multiple vulnerabilities in Red Hat OpenShift GitOps
Multiple vulnerabilities in Service Telemetry Framework 1.5
Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
State issues in IBM Storage Ceph