{"api_version":"1","generated_at":"2026-04-22T18:31:50+00:00","cve":"CVE-2023-27538","urls":{"html":"https://cve.report/CVE-2023-27538","api":"https://cve.report/api/cve/CVE-2023-27538.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-27538","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-27538"},"summary":{"title":"CVE-2023-27538","description":"An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.","state":"PUBLIC","assigner":"support@hackerone.com","published_at":"2023-03-30 20:15:00","updated_at":"2024-03-27 14:46:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202310-12","name":"GLSA-202310-12","refsource":"GENTOO","tags":[],"title":"curl: Multiple Vulnerabilities (GLSA 202310-12) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html","name":"[debian-lts-announce] 20230421 [SECURITY] [DLA 3398-1] curl security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3398-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://curl.se/docs/CVE-2023-27538.html","name":"https://curl.se/docs/CVE-2023-27538.html","refsource":"CONFIRM","tags":[],"title":"curl - SSH connection too eager reuse still - CVE-2023-27538","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hackerone.com/reports/1898475","name":"https://hackerone.com/reports/1898475","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230420-0010/","name":"https://security.netapp.com/advisory/ntap-20230420-0010/","refsource":"CONFIRM","tags":[],"title":"March 2023 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","name":"FEDORA-2023-7e7414e64d","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 36 Update: curl-7.82.0-14.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-27538","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27538","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"broadcom","cpe5":"brocade_fabric_operating_system_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"7.88.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"libcurl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"9.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"splunk","cpe5":"universal_forwarder","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27538","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"splunk","cpe5":"universal_forwarder","cpe6":"9.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-27538","qid":"161067","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2023-6679)"},{"cve":"CVE-2023-27538","qid":"181748","title":"Debian Security Update for curl (DLA 3398-1)"},{"cve":"CVE-2023-27538","qid":"184522","title":"Debian Security Update for curl (CVE-2023-27538)"},{"cve":"CVE-2023-27538","qid":"199246","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-5964-1)"},{"cve":"CVE-2023-27538","qid":"242295","title":"Red Hat Update for curl (RHSA-2023:6679)"},{"cve":"CVE-2023-27538","qid":"283820","title":"Fedora Security Update for curl (FEDORA-2023-2884ba1528)"},{"cve":"CVE-2023-27538","qid":"283865","title":"Fedora Security Update for curl (FEDORA-2023-7e7414e64d)"},{"cve":"CVE-2023-27538","qid":"284222","title":"Fedora Security Update for curl (FEDORA-2023-0de03a9232)"},{"cve":"CVE-2023-27538","qid":"330140","title":"IBM AIX Multiple Vulnerabilities due to curl (curl_advisory2)"},{"cve":"CVE-2023-27538","qid":"355390","title":"Amazon Linux Security Advisory for curl : ALAS2-2023-2070"},{"cve":"CVE-2023-27538","qid":"355415","title":"Amazon Linux Security Advisory for curl : ALAS2023-2023-193"},{"cve":"CVE-2023-27538","qid":"378599","title":"Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)"},{"cve":"CVE-2023-27538","qid":"378883","title":"Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)"},{"cve":"CVE-2023-27538","qid":"502707","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2023-27538","qid":"502720","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2023-27538","qid":"503104","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2023-27538","qid":"505862","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2023-27538","qid":"672889","title":"EulerOS Security Update for curl (EulerOS-SA-2023-1816)"},{"cve":"CVE-2023-27538","qid":"672907","title":"EulerOS Security Update for curl (EulerOS-SA-2023-1798)"},{"cve":"CVE-2023-27538","qid":"673091","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2188)"},{"cve":"CVE-2023-27538","qid":"673174","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2308)"},{"cve":"CVE-2023-27538","qid":"673187","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2328)"},{"cve":"CVE-2023-27538","qid":"673616","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2635)"},{"cve":"CVE-2023-27538","qid":"673678","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2677)"},{"cve":"CVE-2023-27538","qid":"691088","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for curl (0d7d104c-c6fb-11ed-8a4b-080027f5fec9)"},{"cve":"CVE-2023-27538","qid":"710772","title":"Gentoo Linux curl Multiple Vulnerabilities (GLSA 202310-12)"},{"cve":"CVE-2023-27538","qid":"753819","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:0865-1)"},{"cve":"CVE-2023-27538","qid":"753857","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:1711-1)"},{"cve":"CVE-2023-27538","qid":"754020","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2226-1)"},{"cve":"CVE-2023-27538","qid":"754021","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2228-1)"},{"cve":"CVE-2023-27538","qid":"906768","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (25848-1)"},{"cve":"CVE-2023-27538","qid":"907361","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rust (25808-1)"},{"cve":"CVE-2023-27538","qid":"907651","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (25803-1)"},{"cve":"CVE-2023-27538","qid":"941357","title":"AlmaLinux Security Update for curl (ALSA-2023:6679)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-27538","ASSIGNER":"support@hackerone.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"https://github.com/curl/curl","version":{"version_data":[{"version_value":"Fixed in 8.0.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Authentication Bypass by Primary Weakness (CWE-305)"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://hackerone.com/reports/1898475","url":"https://hackerone.com/reports/1898475"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230420-0010/","url":"https://security.netapp.com/advisory/ntap-20230420-0010/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230421 [SECURITY] [DLA 3398-1] curl security update","url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"},{"refsource":"GENTOO","name":"GLSA-202310-12","url":"https://security.gentoo.org/glsa/202310-12"}]},"description":{"description_data":[{"lang":"eng","value":"An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection."}]}},"nvd":{"publishedDate":"2023-03-30 20:15:00","lastModifiedDate":"2024-03-27 14:46:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.16.1","versionEndExcluding":"8.0.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}