CVE-2022-27775 – curl: bad local IPv6 connection reuse
https://notcve.org/view.php?id=CVE-2022-27775
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. Se presenta una vulnerabilidad de divulgación de información en curl versiones 7.65.0 a 7.82.0, son vulnerables que al usar una dirección IPv6 que estaba en el pool de conexiones pero con un id de zona diferente podría reusar una conexión en su lugar A vulnerability was found in curl. This security flaw occurs due to errors in the logic where the config matching function did not take the IPv6 address zone id into account. This issue can lead to curl reusing the wrong connection when one transfer uses a zone id, and the subsequent transfer uses another. • https://hackerone.com/reports/1546268 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27775 https://bugzilla.redhat.com/show_bug.cgi?id=2078388 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-27774 – curl: credential leak on redirect
https://notcve.org/view.php?id=CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. Una vulnerabilidad de credenciales insuficientemente protegidas se presenta en curl versión 4.9 a e incluyen curl versión 7.82.0 están afectados que podría permitir a un atacante para extraer credenciales cuando sigue redireccionamientos HTTP(S) es usado con la autenticación podría filtrar credenciales a otros servicios que se presentan en diferentes protocolos o números de puerto A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTP(S) URLs to other protocols and port numbers. • https://hackerone.com/reports/1543773 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27774 https://bugzilla.redhat.com/show_bug.cgi?id=2077547 • CWE-522: Insufficiently Protected Credentials •
CVE-2022-30115
https://notcve.org/view.php?id=CVE-2022-30115
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL. usando su soporte HSTS, curl puede ser instruido para usar HTTPS directamente en lugar de usar un paso no seguro de texto sin cifrar HTTP incluso cuando HTTP es proporcionado en la URL. Este mecanismo podría ser omitido si el nombre de host en la URL dada usara un endpoint mientras no es usado uno cuando es construida la caché HSTS. O al revés, si el endpoint estuviera en la caché HSTS y *no* es usado el punto al final en la URL • http://www.openwall.com/lists/oss-security/2022/10/26/4 http://www.openwall.com/lists/oss-security/2022/12/21/1 https://hackerone.com/reports/1557449 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009 • CWE-319: Cleartext Transmission of Sensitive Information CWE-325: Missing Cryptographic Step •
CVE-2022-27776 – curl: auth/cookie leak on redirect
https://notcve.org/view.php?id=CVE-2022-27776
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Una vulnerabilidad de credenciales insuficientemente protegidas fijada en curl versión 7.83.0, podría filtrar datos de autenticación o de encabezados de cookies en redireccionamientos HTTP al mismo host pero con otro número de puerto A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom `Authorization:` or `Cookie:`headers. Those headers often contain privacy-sensitive information or data. • https://hackerone.com/reports/1547048 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redh • CWE-522: Insufficiently Protected Credentials •
CVE-2022-1678
https://notcve.org/view.php?id=CVE-2022-1678
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Se ha detectado un problema en el Kernel de Linux de la 4.18 a 4.19, una actualización inapropiada de la referencia sock en el paso TCP puede conllevar a una pérdida de memoria/netns, que puede ser usada por clientes remotos • https://anas.openanolis.cn/cves/detail/CVE-2022-1678 https://anas.openanolis.cn/errata/detail/ANSA-2022:0143 https://bugzilla.openanolis.cn/show_bug.cgi?id=61 https://gitee.com/anolis/cloud-kernel/commit/bed537da691b https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com https://security.netapp.com/advisory/ntap-20220715-0001 • CWE-911: Improper Update of Reference Count •