CVE-2022-27781

Published: 02/06/2022 Updated: 27/03/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.

Vulnerable Product

haxx curl

debian debian linux 10.0

debian debian linux 11.0

netapp hci_bootstrap_os -

netapp clustered data ontap -

netapp solidfire & hci management node -

netapp hci compute node -

netapp solidfire, enterprise sds & hci storage node -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Several security issues were fixed in curl ...
Multiple security vulnerabilities have been discovered in cURL, an URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We ...
A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability (CVE-2022-27781). A vulnerability was found in c ...
A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or by a malicious actor (CVE-2022-22576). A vulnerability was found in ...
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a TLS server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information ...