UBUNTU-CVE-2023-27536

Source
https://ubuntu.com/security/CVE-2023-27536
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27536.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-27536
Related
Published
2023-03-20T00:00:00Z
Modified
2024-11-20T12:28:34Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPTGSSAPIDELEGATION option has been changed.

References

Affected packages

Ubuntu:Pro:14.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.35.0-1ubuntu2.20+esm15

Affected versions

7.*

7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "curl-udeb"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "curl-udeb-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-dbg"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-udeb"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl3-udeb-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl4-gnutls-dev-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl4-nss-dev-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl4-openssl-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm15",
            "binary_name": "libcurl4-openssl-dev-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.19+esm8

Affected versions

7.*

7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl3-dbg"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl3-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl4-gnutls-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl4-nss-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl4-openssl-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm8",
            "binary_name": "libcurl4-openssl-dev-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.58.0-2ubuntu3.24

Affected versions

7.*

7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}

Ubuntu:20.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.18

Affected versions

7.*

7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.18",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}

Ubuntu:22.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.81.0-1ubuntu1.10

Affected versions

7.*

7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.10",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}