CVE-2023-27533 Information
Description
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and elnet options\ during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application’s intent. This vulnerability could be exploited if an application allows user input thereby enabling attackers to execute arbitrary code on the system.
Reference
https://hackerone.com/reports/1891474
A
vulnerability
in
input
validation
exists
in
curl
<8.0
during
communication
using
the
TELNET
protocol
may
allow
an
attacker
to
pass
on
maliciously
crafted
user
name
and
elnet
options
during
server
negotiation.
The
lack
of
proper
input
scrubbing
allows
an
attacker
to
send
content
or
perform
option
negotiation
without
the
application’s
intent.
This
vulnerability
could
be
exploited
if
an
application
allows
user
input
thereby
enabling
attackers
to
execute
arbitrary
code
on
the
system.