Main Vulnerability Database Vulnerabilities #VU63005

#VU63005 Information disclosure in cURL - CVE-2022-27779

Published: May 11, 2022

Vulnerability identifier: #VU63005

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-27779

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. As a result, an attacker can create cookie files that are later sent to a different and unrelated site or domain.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2022-27779.html

#VU63005 Information disclosure in cURL - CVE-2022-27779

Description

Remediation

External links

Please verify you're human