Fedora 36 update for curl
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-27782 CVE-2022-27779 CVE-2022-30115 CVE-2022-27780 |
| CWE-ID | CWE-303 CWE-200 CWE-319 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system curl Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Incorrect Implementation of Authentication Algorithm
EUVDB-ID: #VU63009
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-27782
CWE-ID:
CWE-303 - Incorrect Implementation of Authentication Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 36
curl: before 7.82.0-5.fc36
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-d15a736748
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU63005
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27779
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. As a result, an attacker can create cookie files that are later sent to a different and unrelated site or domain.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 36
curl: before 7.82.0-5.fc36
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-d15a736748
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cleartext transmission of sensitive information
EUVDB-ID: #VU63011
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-30115
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in HSTS implementation that can allow curl to continue using HTTP protocol instead of HTTPS if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. A remote attacker with ability to intercept traffic can obtain potentially sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 36
curl: before 7.82.0-5.fc36
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-d15a736748
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU63007
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27780
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass filters and checks.
The vulnerability exists due to the curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, the URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get transposed into http://example.com/10.0.0.1/.
A remote attacker can bypass various internal filters and checks and force the curl to connect to a wrong web application.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 36
curl: before 7.82.0-5.fc36
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-d15a736748
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
