curl versions before 7.84.0 handle message verification failures incorrectly when doing FTP transfers secured by krb5. This flaw allows a man-in-the-middle attack to go unnoticed and even lets the attacker inject data into the client.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2022/Oct/28 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Oct/41 | Mailing List Third Party Advisory |
https://hackerone.com/reports/1590071 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220915-0003/ | Third Party Advisory |
https://support.apple.com/kb/HT213488 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
History
27 Mar 2024, 15:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
First Time | Splunk, Splunk universal Forwarder |
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Jan 2023, 17:43
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/28 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202212-01 - Third Party Advisory |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
04 Nov 2022, 02:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | |
First Time | Apple macos, Apple |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213488 - Third Party Advisory |
30 Oct 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
25 Oct 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
16 Sep 2022, 19:51
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp h410s Firmware, Netapp element Software, Fedoraproject, Fedoraproject fedora, Netapp bootstrap Os, Netapp h300s Firmware, Netapp h700s Firmware, Debian, Netapp h500s Firmware, Netapp clustered Data Ontap, Netapp h500s, Netapp h700s, Netapp h300s, Netapp solidfire, Debian debian Linux, Netapp h410s, Netapp hci Management Node, Netapp, Netapp hci Compute Node |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0003/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* |
15 Sep 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
29 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
02 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
15 Jul 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jul 2022, 17:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/1590071 - Exploit, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 4.3 v3 : 5.9 |
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
First Time | Haxx curl, Haxx |
CWE | CWE-787 |
07 Jul 2022, 13:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-07 13:15
Updated : 2024-03-27 15:00
NVD link : CVE-2022-32208
Mitre link : CVE-2022-32208
CVE.ORG link : CVE-2022-32208
Products Affected
netapp
- h700s_firmware
- element_software
- hci_management_node
- clustered_data_ontap
- hci_compute_node
- h700s
- h300s_firmware
- bootstrap_os
- h300s
- h500s
- h410s
- h410s_firmware
- solidfire
- h500s_firmware
debian
- debian_linux
splunk
- universal_forwarder
apple
- macos
fedoraproject
- fedora
haxx
- curl