Oval Definition:oval:org.opensuse.security:def:202327534
Revision Date:2023-06-22
Version:1
Title:CVE-2023-27534
Description:

A path traversal vulnerability exists in the SFTP implementation of curl <8.0.0 that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
Family:unix
Class:vulnerability
Status:
Reference(s):Mitre CVE-2023-27534
SUSE CVE-2023-27534
SUSE-CU-2023:1103-1
SUSE-CU-2023:1104-1
SUSE-CU-2023:1105-1
SUSE-CU-2023:766-1
SUSE-CU-2023:803-1
SUSE-CU-2023:804-1
SUSE-CU-2023:805-1
SUSE-CU-2023:806-1
SUSE-CU-2023:807-1
SUSE-CU-2023:808-1
SUSE-CU-2023:809-1
SUSE-CU-2023:810-1
SUSE-CU-2023:811-1
SUSE-CU-2023:812-1
SUSE-CU-2023:813-1
SUSE-CU-2023:814-1
SUSE-CU-2023:815-1
SUSE-CU-2023:816-1
SUSE-CU-2023:817-1
SUSE-CU-2023:818-1
SUSE-CU-2023:819-1
SUSE-CU-2023:820-1
SUSE-CU-2023:821-1
SUSE-CU-2023:825-1
SUSE-CU-2023:833-1
SUSE-CU-2023:838-1
SUSE-CU-2023:842-1
SUSE-CU-2023:846-1
SUSE-CU-2023:885-1
SUSE-CU-2023:895-1
SUSE-CU-2023:896-1
SUSE-CU-2023:942-1
SUSE-CU-2023:943-1
SUSE-CU-2023:944-1
SUSE-CU-2023:945-1
SUSE-CU-2023:946-1
SUSE-CU-2023:947-1
SUSE-CU-2023:948-1
SUSE-CU-2023:949-1
SUSE-CU-2023:950-1
SUSE-CU-2023:951-1
SUSE-CU-2023:952-1
SUSE-CU-2023:953-1
SUSE-CU-2023:954-1
SUSE-CU-2023:955-1
SUSE-CU-2023:956-1
SUSE-IU-2023:219-1
SUSE-IU-2023:220-1
SUSE-IU-2023:221-1
SUSE-SU-2023:0865-1
SUSE-SU-2023:1582-1
SUSE-SU-2023:1711-1
SUSE-CU-2023:1229-1
SUSE-CU-2023:1231-1
SUSE-CU-2023:1234-1
SUSE-CU-2023:1236-1
SUSE-CU-2023:1261-1
SUSE-CU-2023:1262-1
SUSE-CU-2023:1458-1
SUSE-CU-2023:1459-1
SUSE-CU-2023:1460-1
SUSE-CU-2023:1461-1
SUSE-CU-2023:1462-1
SUSE-CU-2023:1463-1
SUSE-CU-2023:1464-1
SUSE-CU-2023:1465-1
SUSE-CU-2023:1466-1
SUSE-CU-2023:1467-1
SUSE-CU-2023:1498-1
SUSE-CU-2023:1619-1
SUSE-CU-2023:1621-1
SUSE-CU-2023:1836-1
SUSE-CU-2023:1838-1
SUSE-CU-2023:1839-1
SUSE-CU-2023:1840-1
SUSE-CU-2023:1844-1
SUSE-CU-2023:1897-1
SUSE-CU-2023:2047-1
SUSE-CU-2023:2048-1
SUSE-CU-2023:2049-1
SUSE-CU-2023:2050-1
SUSE-CU-2023:2051-1
SUSE-IU-2023:347-1
SUSE-IU-2023:348-1
SUSE-IU-2023:349-1
SUSE-SU-2023:2226-1
SUSE-SU-2023:2228-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.4 is installed
  • AND Package Information
      • curl is affected
      • OR libcurl4 is affected
Definition Synopsis
  • Release Information
      • SUSE Linux Enterprise Desktop 15 SP5 is installed
      • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
      • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
      • OR SUSE Linux Enterprise Server 15 SP5 is installed
      • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
      • curl-8.0.1-150400.5.23.1 is installed
      • OR libcurl-devel-8.0.1-150400.5.23.1 is installed
      • OR libcurl4-8.0.1-150400.5.23.1 is installed
      • OR libcurl4-32bit-8.0.1-150400.5.23.1 is installed