PT-2023-2319 · Curl+9 · Curl+9

Harry Sintonen

·

Published

2023-03-20

·

Updated

2026-05-18

·

CVE-2023-27534

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions curl versions prior to 8.0.0
Description A path traversal vulnerability exists in the SFTP implementation of curl, where the tilde (~) character is wrongly replaced when used as a prefix in the first path element. This flaw can be exploited by attackers to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. The vulnerability allows for the circumvention of filtering or worse.
Recommendations For versions prior to 8.0.0, consider disabling the SFTP implementation until a patch is available. As a temporary workaround, avoid using the tilde (~) character as a prefix in the first path element when accessing servers via SFTP. Restrict access to SFTP servers to minimize the risk of exploitation.

Exploit

Fix

DoS

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALSA-2023:6679
ALT-PU-2023-1475
ALT-PU-2023-1501
ALT-PU-2023-5727
AZL-25784
AZL-25806
AZL-25810
AZL-25847
AZL-34607
AZL-38611
BDU:2023-02084
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2023-27534
DLA-3763-1
DLA-4213-1
MGASA-2023-0263
OESA-2023-1193
OESA-2023-1194
OESA-2023-1195
OESA-2023-1196
OPENSUSE-SU-2024:12812-1
RHSA-2023:3354
RHSA-2023:6679
RHSA-2023_6679
SUSE-SU-2023:0865-1
SUSE-SU-2023:1582-1
SUSE-SU-2023:1711-1
SUSE-SU-2023:2226-1
SUSE-SU-2023:2228-1
SUSE-SU-2024:2009-1
SUSE-SU-2026:0494-1
USN-5964-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Ibm Aix
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
Curl