{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2023-27533: telnet: only accept option arguments in ascii", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777463367", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777463367" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/advisories/2026/clsa-2026_1777463367.json" } ], "tracking": { "current_release_date": "2026-04-29T14:28:58Z", "generator": { "date": "2026-04-29T14:28:58Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1777463367", "initial_release_date": "2026-04-29T11:49:29Z", "revision_history": [ { "date": "2026-04-29T11:49:29Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-29T14:28:58Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "curl: Fix of CVE-2023-27533" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product": { "name": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product_id": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/curl@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product": { "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product_id": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product": { "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product_id": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl-devel@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "product": { "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "product_id": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "product": { "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "product_id": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl-devel@7.29.0-59.0.3.el7_9.2.tuxcare.els2?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64" }, "product_reference": "curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686" }, "product_reference": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64" }, "product_reference": "libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64" }, "product_reference": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686" }, "product_reference": "libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-27533", "cwe": { "id": "CWE-75", "name": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)" }, "notes": [ { "category": "description", "text": "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-27533" }, { "category": "external", "summary": "https://hackerone.com/reports/1891474", "url": "https://hackerone.com/reports/1891474" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202310-12", "url": "https://security.gentoo.org/glsa/202310-12" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230420-0011/", "url": "https://security.netapp.com/advisory/ntap-20230420-0011/" } ], "release_date": "2023-03-30T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-29T11:49:29.859439Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1777463367", "product_ids": [ "Red-Hat-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1777463367" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:curl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "Red-Hat-7:libcurl-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64", "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.i686", "Red-Hat-7:libcurl-devel-0:7.29.0-59.0.3.el7_9.2.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }