Multiple vulnerabilities in cURL

Published: 2022-12-21

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2022-43551 CVE-2022-43552
CWE-ID	CWE-254 CWE-416
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	cURL Client/Desktop applications / Other client software
Vendor	curl.haxx.se

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU70457

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43551

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists in the way curl handles IDN characters in hostnames. The HSTS mechanism could be bypassed if the hostname in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

cURL: 7.77.0 - 7.86.0

External links

http://curl.haxx.se/docs/CVE-2022-43551.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU70456

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43552

CWE-ID: CWE-416 - Use After Free