CVE-2023-27536

NameCVE-2023-27536
DescriptionAn authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3398-1, ELA-831-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
curl (PTS)jessie, jessie (lts)7.38.0-4+deb8u28fixed
stretch (security)7.52.1-5+deb9u16vulnerable
stretch (lts), stretch7.52.1-5+deb9u22fixed
buster, buster (lts)7.64.0-4+deb10u10fixed
buster (security)7.64.0-4+deb10u9fixed
bullseye7.74.0-1.3+deb11u13fixed
bullseye (security)7.74.0-1.3+deb11u14fixed
bookworm7.88.1-10+deb12u8fixed
bookworm (security)7.88.1-10+deb12u5fixed
sid, trixie8.11.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
curlsourcejessie7.38.0-4+deb8u26ELA-831-1
curlsourcestretch7.52.1-5+deb9u19ELA-831-1
curlsourcebuster7.64.0-4+deb10u6DLA-3398-1
curlsourcebullseye7.74.0-1.3+deb11u8
curlsource(unstable)7.88.1-7

Notes

https://curl.se/docs/CVE-2023-27536.html
Introduced by: https://github.com/curl/curl/commit/ebf42c4be76df40ec6d3bf32f229bbb274e2c32f (curl-7_22_0)
Fixed by: https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 (curl-8_0_0)
Search for package or bug name: Reporting problems