VuXML ID | Description |
11e36890-d28c-11ec-a06f-d4c9ef517024 | curl -- Multiple vulnerabilities
The curl project reports:
CVE-2022-27778: curl removes wrong file on error
CVE-2022-27779: cookie for trailing dot TLD
CVE-2022-27780: percent-encoded path separator in URL host
CVE-2022-27781: CERTINFO never-ending busy-loop
CVE-2022-27782: TLS and SSH connection too eager reuse
CVE-2022-30115: HSTS bypass via trailing dot
Discovery 2022-05-11 Entry 2022-05-13 curl
< 7.83.1
CVE-2022-27778
CVE-2022-27779
CVE-2022-27780
CVE-2022-27781
CVE-2022-27782
CVE-2022-30115
https://curl.se/docs/security.html
|
ae5722a6-f5f0-11ec-856e-d4c9ef517024 | cURL -- Multiple vulnerabilities
The cURL project reports:
- CVE-2022-32205: Set-Cookie denial of service
- CVE-2022-32206: HTTP compression denial of service
- CVE-2022-32207: Unpreserved file permissions
- CVE-2022-32208: FTP-KRB bad message verification
Discovery 2022-06-27 Entry 2022-06-27 curl
ge 7.16.4 lt 7.84.0
CVE-2022-32205
CVE-2022-32206
CVE-2022-32207
CVE-2022-32208
https://curl.se/docs/security.html
|
aa646c01-ea0d-11eb-9b84-d4c9ef517024 | cURL -- Multiple vulnerabilities
The cURL project reports:
CURLOPT_SSLCERT mixup with Secure Transport (CVE-2021-22926)
TELNET stack contents disclosure again (CVE-2021-22925)
Bad connection reuse due to flawed path name checks (CVE-2021-92254)
Metalink download sends credentials (CVE-2021-92253)
Wrong content via metalink not discarded (CVE-2021-92252)
Discovery 2021-07-21 Entry 2021-07-21 curl
< 7.78.0
CVE-2021-22922
CVE-2021-22923
CVE-2021-22924
CVE-2021-22925
CVE-2021-22926
https://curl.se/docs/vuln-7.77.0.html
|
c9221ec9-17a2-11ec-b335-d4c9ef517024 | cURL -- Multiple vulnerabilities
The cURL project reports:
- UAF and double-free in MQTT sending (CVE-2021-22945)
- Protocol downgrade required TLS bypassed (CVE-2021-22946)
- STARTTLS protocol injection via MITM (CVE-2021-22945)
Discovery 2021-09-15 Entry 2021-09-17 Modified 2021-09-28 curl
ge 7.20.0 lt 7.79.0
CVE-2021-22945
CVE-2021-22946
CVE-2021-22947
https://curl.se/docs/security.html
|
0f99a30c-7b4b-11ed-9168-080027f5fec9 | curl -- multiple vulnerabilities
Daniel Stenberg reports:
- CVE-2022-32221: POST following PUT confusion
-
When doing HTTP(S) transfers, libcurl might erroneously
use the read callback
(
CURLOPT_READFUNCTION ) to ask for data to
send, even when the CURLOPT_POSTFIELDS
option has been set, if the same handle previously was
used to issue a PUT request which used that
callback. This flaw may surprise the application and
cause it to misbehave and either send off the wrong data
or use memory after free or similar in the subsequent
POST request. The problem exists in the
logic for a reused handle when it is changed from a PUT
to a POST.
- CVE-2022-35260: .netrc parser out-of-bounds access
-
curl can be told to parse a .netrc file for
credentials. If that file ends in a line with
consecutive non-white space letters and no newline, curl
could read past the end of the stack-based buffer, and
if the read works, write a zero byte possibly beyond its
boundary. This will in most cases cause a segfault or
similar, but circumstances might also cause different
outcomes. If a malicious user can provide a custom netrc
file to an application or otherwise affect its contents,
this flaw could be used as denial-of-service.
- CVE-2022-42915: HTTP proxy double-free
-
f curl is told to use an HTTP proxy for a transfer with
a non-HTTP(S) URL, it sets up the connection to the
remote server by issuing a CONNECT request to the proxy,
and then tunnels the rest of protocol through. An HTTP
proxy might refuse this request (HTTP proxies often only
allow outgoing connections to specific port numbers,
like 443 for HTTPS) and instead return a non-200
response code to the client. Due to flaws in the
error/cleanup handling, this could trigger a double-free
in curl if one of the following schemes were used in the
URL for the transfer: dict, gopher, gophers, ldap,
ldaps, rtmp, rtmps, telnet
- CVE-2022-42916: HSTS bypass via IDN
-
curl's HSTS check could be bypassed to trick it to keep
using HTTP. Using its HSTS support, curl can be
instructed to use HTTPS directly instead of using an
insecure clear-text HTTP step even when HTTP is provided
in the URL. This mechanism could be bypassed if the host
name in the given URL uses IDN characters that get
replaced to ASCII counterparts as part of the IDN
conversion. Like using the character UTF-8 U+3002
(IDEOGRAPHIC FULL STOP) instead of the common ASCII full
stop (U+002E) .. Like this: http://curlãÂÂseãÂÂ
Discovery 2022-10-26 Entry 2022-12-14 curl
< 7.86.0
CVE-2022-32221
CVE-2022-35260
CVE-2022-42915
CVE-2022-42916
https://curl.se/docs/CVE-2022-32221.html
https://curl.se/docs/CVE-2022-35260.html
https://curl.se/docs/CVE-2022-42915.html
https://curl.se/docs/CVE-2022-42916.html
|
92a4d881-c6cf-11ec-a06f-d4c9ef517024 | cURL -- Multiple vulnerabilities
The cURL project reports:
- OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
- Credential leak on redirect (CVE-2022-27774)
- Bad local IPv6 connection reuse (CVE-2022-27775)
- Auth/cookie leak on redirect (CVE-2022-27776)
Discovery 2022-04-27 Entry 2022-04-28 curl
< 7.83.0
CVE-2022-22576
CVE-2022-27774
CVE-2022-27775
CVE-2022-27776
https://curl.se/docs/vuln-7.82.0.html
|