#VU70457 Security features bypass in cURL


Published: 2022-12-21

Vulnerability identifier: #VU70457

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43551

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists in the way curl handles IDN characters in hostnames. The HSTS mechanism could be bypassed if the hostname in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cURL: 7.77.0 - 7.86.0

External links
http://curl.haxx.se/docs/CVE-2022-43551.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
openEuler 22.03 LTS update for mysql
openEuler 22.03 LTS SP2 update for mysql
openEuler 22.03 LTS SP1 update for mysql
Gentoo update for curl
Splunk Enterprise update for third-party packages
Multiple vulnerabilities in Oracle Solaris third-party software
Multiple vulnerabilities in Dell Data Protection Central
Multiple vulnerabilities in IBM Spectrum Copy Data Management
Multiple vulnerabilities in Dell PowerProtect Cyber Recovery