CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2022-27780
https://notcve.org/view.php?id=CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. El analizador de URLs de Curl acepta erróneamente separadores de URL codificados en porcentaje, como "/", cuando decodifica la parte del nombre del host de una URL, convirtiéndola en una URL *diferente* que usa un nombre de host incorrecto cuando es recuperado posteriormente. Por ejemplo, una URL como "http://example.com%2F127.0.0.1/", sería permitida por el analizador y sería transpuesta a "http://example.com/127.0.0.1/". Este fallo puede usarse para omitir filtros, comprobaciones y otras cosas • https://hackerone.com/reports/1553841 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009 • CWE-177: Improper Handling of URL Encoding (Hex Encoding) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27782 – curl: TLS and SSH connection too eager reuse
https://notcve.org/view.php?id=CVE-2022-27782
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. libcurl reusaba una conexión creada previamente incluso cuando había sido cambiada una opción relacionada con TLS o SSH que debería haber prohibido el reúso. libcurl mantiene las conexiones usadas previamente en un pool de conexiones para que las transferencias posteriores las reúsen si una de ellas coincide con la configuración. Sin embargo, varias opciones relacionadas con TLS y SSH se dejaron fuera de las comprobaciones de coincidencia de la configuración, lo que hizo que coincidieran con demasiada facilidad A vulnerability was found in curl. This issue occurs because curl can reuse a previously created connection even when a TLS or SSH-related option is changed that should have prohibited reuse. This flaw leads to an authentication bypass, either by mistake or by a malicious actor. • http://www.openwall.com/lists/oss-security/2023/03/20/6 https://hackerone.com/reports/1555796 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27782 https://bugzilla.redhat.com/show_bug.cgi?id=2082215 • CWE-295: Improper Certificate Validation CWE-840: Business Logic Errors •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 1CVE-2022-22576 – curl: OAUTH2 bearer bypass in connection re-use
https://notcve.org/view.php?id=CVE-2022-22576
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). Se presenta una vulnerabilidad de autenticación inapropiada en curl versiones 7.33.0 hasta 7.82.0 incluyéndola, que podría permitir reúso de conexiones autenticadas por OAUTH2 sin asegurarse apropiadamente de que la conexión fue autenticada con las mismas credenciales establecidas para esta transferencia. Esto afecta a los protocolos con SASL: SMPTP(S), IMAP(S), POP3(S) y LDAP(S) (sólo openldap) A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. • https://hackerone.com/reports/1526328 https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-22576 https://bugzilla.redhat.com/show_bug.cgi?id=2077541 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation CWE-306: Missing Authentication for Critical Function •