{"id":"CURL-CVE-2023-27535","summary":"FTP too eager connection reuse","details":"libcurl would reuse a previously created FTP connection even when one or more\noptions had been changed that could have made the effective user a different\none, thus leading to doing the second transfer with the wrong credentials.\n\nlibcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup. However, several FTP\nsettings were left out from the configuration match checks, making them match\ntoo easily. The settings in question are `CURLOPT_FTP_ACCOUNT`,\n`CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL`\nlevel.","aliases":["CVE-2023-27535"],"modified":"2025-11-12T00:50:45Z","published":"2023-03-20T08:00:00Z","database_specific":{"last_affected":"7.88.1","package":"curl","URL":"https://curl.se/docs/CVE-2023-27535.json","CWE":{"desc":"Authentication Bypass by Primary Weakness","id":"CWE-305"},"award":{"amount":"2400","currency":"USD"},"issue":"https://hackerone.com/reports/1892780","www":"https://curl.se/docs/CVE-2023-27535.html","affects":"both","severity":"Medium"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.13.0"},{"fixed":"8.0.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"177dbc7be07125582ddb7416dba7140b88ab9f62"},{"fixed":"8f4608468b890dce2dad9f91d5607ee7e9c1aba1"}]}],"versions":["7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0","7.75.0","7.74.0","7.73.0","7.72.0","7.71.1","7.71.0","7.70.0","7.69.1","7.69.0","7.68.0","7.67.0","7.66.0","7.65.3","7.65.2","7.65.1","7.65.0","7.64.1","7.64.0","7.63.0","7.62.0","7.61.1","7.61.0","7.60.0","7.59.0","7.58.0","7.57.0","7.56.1","7.56.0","7.55.1","7.55.0","7.54.1","7.54.0","7.53.1","7.53.0","7.52.1","7.52.0","7.51.0","7.50.3","7.50.2","7.50.1","7.50.0","7.49.1","7.49.0","7.48.0"
,"7.47.1","7.47.0","7.46.0","7.45.0","7.44.0","7.43.0","7.42.1","7.42.0","7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2023-27535.json"}}],"schema_version":"1.7.3","credits":[{"name":"Harry Sintonen","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}