CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2022-43552 – curl: Use-after-free triggered by an HTTP proxy deny response
https://notcve.org/view.php?id=CVE-2022-43552
06 Jan 2023 — A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. A vulnerability was found in curl. • http://seclists.org/fulldisclosure/2023/Mar/17 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2022-43551 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-43551
23 Dec 2022 — A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the comm... • https://hackerone.com/reports/1755083 • CWE-319: Cleartext Transmission of Sensitive Information •