CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-42916 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-42916
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. En curl anterior a 7.86.0, se podía omitir la verificación HSTS para engañarlo y que se quedara con HTTP. • http://seclists.org/fulldisclosure/2023/Jan/19 http://seclists.org/fulldisclosure/2023/Jan/20 http://www.openwall.com/lists/oss-security/2022/12/21/1 https://curl.se/docs/CVE-2022-42916.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2022-32831
https://notcve.org/view.php?id=CVE-2022-32831
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8 y macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 https://support.apple.com/en-us/HT213344 https://support.apple.com/en-us/HT213345 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2022-32851
https://notcve.org/view.php?id=CVE-2022-32851
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8 y macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 https://support.apple.com/en-us/HT213344 https://support.apple.com/en-us/HT213345 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32825
https://notcve.org/view.php?id=CVE-2022-32825
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. Se abordó este problema con un manejo de memoria mejorada. Este problema ha sido corregido en iOS versión 15.6 y iPadOS versión 15.6, macOS Big Sur versión 11.6.8, watchOS versión 8.7, tvOS versión 15.6, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213344 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-32842
https://notcve.org/view.php?id=CVE-2022-32842
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema ha sido corregido en Security Update 2022-005 Catalina, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 https://support.apple.com/en-us/HT213345 • CWE-125: Out-of-bounds Read •