#VU70457 Security features bypass in cURL - CVE-2022-43551


Vulnerability identifier: #VU70457

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43551

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists in the way curl handles IDN characters in hostnames. The HSTS mechanism could be bypassed if the hostname in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cURL: 7.77.0 - 7.86.0

External links
https://curl.haxx.se/docs/CVE-2022-43551.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS SP4 update for mysql
Multiple vulnerabilities in Dell ObjectScale
Amazon Linux AMI update for curl
Multiple vulnerabilities in Dell ThinOS
Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
openEuler 22.03 LTS update for mysql
openEuler 22.03 LTS SP2 update for mysql
openEuler 22.03 LTS SP1 update for mysql
Gentoo update for curl
Splunk Enterprise update for third-party packages