{"id":"CURL-CVE-2023-27533","summary":"TELNET option IAC injection","details":"curl supports communicating using the TELNET protocol and as a part of this it\noffers users to pass on username and \"telnet options\" for the server\nnegotiation.\n\nDue to lack of proper input scrubbing and without it being the documented\nfunctionality, curl would pass on username and telnet options to the server\nas provided. This could allow users to pass in carefully crafted content that\npass on content or do option negotiation without the application intending to\ndo so. In particular if an application for example allows users to provide the\ndata or parts of the data.","aliases":["CVE-2023-27533"],"modified":"2024-06-07T13:53:51Z","published":"2023-03-20T08:00:00Z","database_specific":{"award":{"currency":"USD","amount":"480"},"package":"curl","issue":"https://hackerone.com/reports/1891474","CWE":{"id":"CWE-75","desc":"Failure to Sanitize Special Elements into a Different Plane"},"affects":"both","last_affected":"7.88.1","URL":"https://curl.se/docs/CVE-2023-27533.json","severity":"Low","www":"https://curl.se/docs/CVE-2023-27533.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.7"},{"fixed":"8.0.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4"},{"fixed":"538b1e79a6e7b0bb829ab4cecc828d32105d0684"}]}],"versions":["7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0","7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7","7.10.6","7.10.5","7.10.4","7.10.3","7.10.2","7.10.1","7.10","7.9.8","7.9.7","7.9.6","7.9.5","7.9.4","7.9.3","7.9.2","7.9.1","7.9","7.8.1","7.8","7.7.3","7.7.2","7.7.1","7.7"],"database_specific":{"vanir_signatures":[{"id":"CURL-CVE-2023-27533-06cc1622","deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684","digest":{"threshold":0.9,"line_hashes":["140215734692410661697234599066631632566","131272149742015686395035012034767886537","24950710791765505633578640162713113515","111157156948751413567724173818378805568","173463585764296241899713512252336084510","195355429445258231587476270489914833501","87096606759583326898705082018708241104","71036713810965996932657814048419541426","128627703658980178902818112768958301760","137893258744353539707802806432758432462","225701296891258226424164684742528509532"]},"signature_type":"Line","target":{"file":"lib/telnet.c"}},{"id":"CURL-CVE-2023-27533-f7c76eeb","deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684","digest":{"function_hash":"150358545022018107243859051204178416357","length":2681},"signature_type":"Function","target":{"function":"check_telnet_options","file":"lib/telnet.c"}}],"source":"https://curl.se/docs/CURL-CVE-2023-27533.json"}}],"schema_version":"1.7.3","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}