Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-43551

Published: 23/12/2022 Updated: 27/03/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Curl

Vulnerability Summary

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx curl

fedoraproject fedora 37

netapp snapcenter -

netapp oncommand workflow automation -

netapp oncommand insight -

netapp active iq unified manager -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Ubuntu Security Notice: USN-5788-1: curl vulnerabilities
Several security issues were fixed in curl ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2451 Service Pack 2 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2 ...
Debian CVElist Bug Report Logs: curl: CVE-2022-43552: HTTP Proxy deny use-after-free
Debian Bug report logs - #1026830 curl: CVE-2022-43552: HTTP Proxy deny use-after-free Package: src:curl; Maintainer for src:curl is Alessandro Ghedini &lt;ghedo@debianorg&gt;; Reported by: Salvatore Bonaccorso &lt;carnil@debianorg&gt; Date: Wed, 21 Dec 2022 20:33:06 UTC Severity: important Tags: security, upstream Found in v ...
Debian CVElist Bug Report Logs: curl: CVE-2022-43551: Another HSTS bypass via IDN
Debian Bug report logs - #1026829 curl: CVE-2022-43551: Another HSTS bypass via IDN Package: src:curl; Maintainer for src:curl is Alessandro Ghedini &lt;ghedo@debianorg&gt;; Reported by: Salvatore Bonaccorso &lt;carnil@debianorg&gt; Date: Wed, 21 Dec 2022 20:33:03 UTC Severity: important Tags: security, upstream Found in vers ...
Amazon Linux 2: ALAS2-2023-1924
A vulnerability was found in curl This issue occurs due to an erroneous function A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information This flaw allows an Infinite Loop, affecting system availability (CVE-2022-27781) A vulnerability was found in c ...
Red Hat:
Description<!---->A vulnerability was found in curl The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL Suppose the hostname in the given URL first uses IDN characters that ...
Apple: macOS Ventura 13.3
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the&nbsp;Apple security updates&nbsp;page Apple security documents reference vulnerabilities by&nbsp;CVE-ID&nbsp ...
Brocade Security Advisories: Access Denied
Menu Log in ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-319https://hackerone.com/reports/1755083https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/https://security.netapp.com/advisory/ntap-20230427-0007/https://security.gentoo.org/glsa/202310-12https://ubuntu.com/security/notices/USN-5788-1https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10https://alas.aws.amazon.com/AL2/ALAS-2023-1924.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook