Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-32221

Published: 05/12/2022 Updated: 27/03/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Haxx

Vulnerability Summary

It exists that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx curl

netapp clustered data ontap -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

debian debian linux 10.0

debian debian linux 11.0

apple macos

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Ubuntu Security Notice: USN-5702-1: curl vulnerabilities
Several security issues were fixed in curl ...
Ubuntu Security Notice: USN-5702-2: curl vulnerability
curl could crash if it received a specially crafted POST operations after PUT operations ...
Debian Security Advisories: DSA-5330-1 curl -- security update
Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure For the stable distribution (bullseye), these problems have been fixed in version 7740-13+deb11u5 This update also revises the fix for CVE-2022-27774 released in DSA-5197-1 We recommen ...
Red Hat: Moderate: curl security update
Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this u ...
Red Hat: Moderate: curl security update
Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for curl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...
Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2451 SP1 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Securi ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sco ...
Amazon Linux 2: ALAS2-2022-1882
A vulnerability was found in curl The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback This flaw may surprise ...
Red Hat:
Description<!---->A vulnerability was found in curl The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback This ...
Amazon Linux 2022: ALAS-2022-246
ALAS-2022-246 Amazon Linux 2022 Security Advisory: ALAS-2022-246 Advisory Release Date: 2022-12-06 16:44 Pacific ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/SaintsConnor/Exploits

All CVE Exploits used by connor including code.

Exploits All CVE Exploits used by connor including code Current Exploits (Format: CVE | Codename | PrivEsc/RCE/Other) 2017: CVE-2017-0144 | EternalBlue | RCE 2021: CVE-2021-1675 | Print Nightmare | PrivEsc 2022: CVE-2022-22817 | None | Arbitary Code Execution CVE-2022-32221 | None | Buffer Overflow

References

CWE-668https://hackerone.com/reports/1704017https://security.gentoo.org/glsa/202212-01https://security.netapp.com/advisory/ntap-20230110-0006/https://support.apple.com/kb/HT213604https://support.apple.com/kb/HT213605http://seclists.org/fulldisclosure/2023/Jan/20http://seclists.org/fulldisclosure/2023/Jan/19https://www.debian.org/security/2023/dsa-5330https://lists.debian.org/debian-lts-announce/2023/01/msg00028.htmlhttps://security.netapp.com/advisory/ntap-20230208-0002/http://www.openwall.com/lists/oss-security/2023/05/17/4https://ubuntu.com/security/notices/USN-5702-1https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook