CVE-2022-32206 – curl: HTTP compression denial of service
https://notcve.org/view.php?id=CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. curl versiones anteriores a 7.84.0, soporta algoritmos de compresión HTTP "encadenados", lo que significa que una respuesta al servidor puede ser comprimida múltiples veces y potencialmente con diferentes algoritmos. El número de "eslabones" aceptables en esta "cadena de descompresión" era ilimitado, lo que permitía a un servidor malicioso insertar un número prácticamente ilimitado de pasos de compresión. El uso de una cadena de descompresión de este tipo podía resultar en una "bomba de malloc", haciendo que curl acabara gastando enormes cantidades de memoria de montón asignada, o intentando y devolviendo errores de memoria A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://www.openwall.com/lists/oss-security/2023/02/15/3 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://hackerone.com/reports/1570651 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https:/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-27775 – curl: bad local IPv6 connection reuse
https://notcve.org/view.php?id=CVE-2022-27775
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. Se presenta una vulnerabilidad de divulgación de información en curl versiones 7.65.0 a 7.82.0, son vulnerables que al usar una dirección IPv6 que estaba en el pool de conexiones pero con un id de zona diferente podría reusar una conexión en su lugar A vulnerability was found in curl. This security flaw occurs due to errors in the logic where the config matching function did not take the IPv6 address zone id into account. This issue can lead to curl reusing the wrong connection when one transfer uses a zone id, and the subsequent transfer uses another. • https://hackerone.com/reports/1546268 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27775 https://bugzilla.redhat.com/show_bug.cgi?id=2078388 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-27774 – curl: credential leak on redirect
https://notcve.org/view.php?id=CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. Una vulnerabilidad de credenciales insuficientemente protegidas se presenta en curl versión 4.9 a e incluyen curl versión 7.82.0 están afectados que podría permitir a un atacante para extraer credenciales cuando sigue redireccionamientos HTTP(S) es usado con la autenticación podría filtrar credenciales a otros servicios que se presentan en diferentes protocolos o números de puerto A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTP(S) URLs to other protocols and port numbers. • https://hackerone.com/reports/1543773 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27774 https://bugzilla.redhat.com/show_bug.cgi?id=2077547 • CWE-522: Insufficiently Protected Credentials •
CVE-2022-27776 – curl: auth/cookie leak on redirect
https://notcve.org/view.php?id=CVE-2022-27776
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Una vulnerabilidad de credenciales insuficientemente protegidas fijada en curl versión 7.83.0, podría filtrar datos de autenticación o de encabezados de cookies en redireccionamientos HTTP al mismo host pero con otro número de puerto A vulnerability was found in curl. This security flaw allows leak authentication or cookie header data on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom `Authorization:` or `Cookie:`headers. Those headers often contain privacy-sensitive information or data. • https://hackerone.com/reports/1547048 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redh • CWE-522: Insufficiently Protected Credentials •
CVE-2022-27782 – curl: TLS and SSH connection too eager reuse
https://notcve.org/view.php?id=CVE-2022-27782
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. libcurl reusaba una conexión creada previamente incluso cuando había sido cambiada una opción relacionada con TLS o SSH que debería haber prohibido el reúso. libcurl mantiene las conexiones usadas previamente en un pool de conexiones para que las transferencias posteriores las reúsen si una de ellas coincide con la configuración. Sin embargo, varias opciones relacionadas con TLS y SSH se dejaron fuera de las comprobaciones de coincidencia de la configuración, lo que hizo que coincidieran con demasiada facilidad A vulnerability was found in curl. This issue occurs because curl can reuse a previously created connection even when a TLS or SSH-related option is changed that should have prohibited reuse. This flaw leads to an authentication bypass, either by mistake or by a malicious actor. • http://www.openwall.com/lists/oss-security/2023/03/20/6 https://hackerone.com/reports/1555796 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27782 https://bugzilla.redhat.com/show_bug.cgi?id=2082215 • CWE-295: Improper Certificate Validation CWE-840: Business Logic Errors •