VDB
ALPINE-CVE-2023-27533
ALPINE-CVE-2023-27533
PUBLISHED
CVSS 8.800000190734863 HIGH
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.15 | curl | 7.47.0-r0, 7.47.1-r0, 7.48.0-r0 |
| Alpine:v3.16 | curl | 7.38.0-r0, 7.50.2-r0, 7.37.0-r0 |
| Alpine:v3.18 | curl | 7.64.0-r0, 7.63.0-r0, 7.62.0-r2 |
| Alpine:v3.21 | curl | 7.61.1-r0, 7.21.2-r0, 0 |
| Alpine:v3.17 | curl | 7.73.0-r0, 0, 7.19.2-r0 |
| Alpine:v3.23 | curl | 7.33.0-r0, 0, 7.19.2-r0 |
| Alpine:v3.19 | curl | 0, 7.88.1-r0, 7.88.0-r1 |
| Alpine:v3.14 | curl | 0, 7.19.2-r0, 7.19.2-r1 |
| Alpine:v3.22 | curl | 7.88.1-r1, 0, 7.19.2-r0 |
| Alpine:v3.20 | curl | 7.50.2-r0, 0, 7.19.2-r0 |
Timeline
- Mar 30, 2023 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch