libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/03/20/6 | Mailing List |
https://hackerone.com/reports/1555796 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0009/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
27 Mar 2024, 15:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2023/03/20/6 - Mailing List | |
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
First Time |
Splunk
Splunk universal Forwarder |
20 Mar 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2023, 17:51
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202212-01 - Third Party Advisory |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Oct 2022, 20:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
First Time |
Debian debian Linux
Debian |
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - Mailing List, Third Party Advisory |
29 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2022, 18:33
Type | Values Removed | Values Added |
---|---|---|
First Time |
Haxx curl
Haxx |
|
CWE | CWE-295 | |
References | (MISC) https://hackerone.com/reports/1555796 - Exploit, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220609-0009/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* |
09 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2022, 14:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-02 14:15
Updated : 2024-03-27 15:01
NVD link : CVE-2022-27782
Mitre link : CVE-2022-27782
CVE.ORG link : CVE-2022-27782
JSON object : View
Products Affected
debian
- debian_linux
splunk
- universal_forwarder
haxx
- curl