SUSE update for curl



Published: 2022-08-16
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2022-27781
CVE-2022-27782
CVE-2022-32206
CVE-2022-32208
CWE-ID CWE-835
CWE-303
CWE-400
CWE-347
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SUSE OpenStack Cloud Crowbar
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE OpenStack Cloud
Operating systems & Components / Operating system

libcurl4-debuginfo
Operating systems & Components / Operating system package or component

libcurl4-debuginfo-32bit
Operating systems & Components / Operating system package or component

libcurl4
Operating systems & Components / Operating system package or component

libcurl4-32bit
Operating systems & Components / Operating system package or component

curl-debugsource
Operating systems & Components / Operating system package or component

curl-debuginfo
Operating systems & Components / Operating system package or component

curl
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU63008

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27781

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 9

SUSE Linux Enterprise Server for SAP: 12-SP4

SUSE Linux Enterprise Server: 12-SP4-LTSS

SUSE OpenStack Cloud: 9

libcurl4-debuginfo: before 7.60.0-4.38.1

libcurl4-debuginfo-32bit: before 7.60.0-4.38.1

libcurl4: before 7.60.0-4.38.1

libcurl4-32bit: before 7.60.0-4.38.1

curl-debugsource: before 7.60.0-4.38.1

curl-debuginfo: before 7.60.0-4.38.1

curl: before 7.60.0-4.38.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222813-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 9

SUSE Linux Enterprise Server for SAP: 12-SP4

SUSE Linux Enterprise Server: 12-SP4-LTSS

SUSE OpenStack Cloud: 9

libcurl4-debuginfo: before 7.60.0-4.38.1

libcurl4-debuginfo-32bit: before 7.60.0-4.38.1

libcurl4: before 7.60.0-4.38.1

libcurl4-32bit: before 7.60.0-4.38.1

curl-debugsource: before 7.60.0-4.38.1

curl-debuginfo: before 7.60.0-4.38.1

curl: before 7.60.0-4.38.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222813-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU64682

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 9

SUSE Linux Enterprise Server for SAP: 12-SP4

SUSE Linux Enterprise Server: 12-SP4-LTSS

SUSE OpenStack Cloud: 9

libcurl4-debuginfo: before 7.60.0-4.38.1

libcurl4-debuginfo-32bit: before 7.60.0-4.38.1

libcurl4: before 7.60.0-4.38.1

libcurl4-32bit: before 7.60.0-4.38.1

curl-debugsource: before 7.60.0-4.38.1

curl-debuginfo: before 7.60.0-4.38.1

curl: before 7.60.0-4.38.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222813-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64685

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32208

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 9

SUSE Linux Enterprise Server for SAP: 12-SP4

SUSE Linux Enterprise Server: 12-SP4-LTSS

SUSE OpenStack Cloud: 9

libcurl4-debuginfo: before 7.60.0-4.38.1

libcurl4-debuginfo-32bit: before 7.60.0-4.38.1

libcurl4: before 7.60.0-4.38.1

libcurl4-32bit: before 7.60.0-4.38.1

curl-debugsource: before 7.60.0-4.38.1

curl-debuginfo: before 7.60.0-4.38.1

curl: before 7.60.0-4.38.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222813-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###