libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "Fixed in 7.83.1",
        "status": "affected"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2023/03/20/6

hackerone.com/reports/1555796

lists.debian.org/debian-lts-announce/2022/08/msg00017.html

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20220609-0009/

www.debian.org/security/2022/dsa-5197

cve 1

ibm 19

veracode 1

cbl_mariner 2

nvd 1

ubuntucve 2

amazon 2

cloudlinux 1

hackerone 2

redhatcve 1

debiancve 1

nessus 42

osv 6

alpinelinux 1

prion 1

openvas 25

mageia 1

suse 1

ubuntu 1

cloudfoundry 1

redhat 16

oraclelinux 2

fedora 3

almalinux 1

rocky 1

rosalinux 1

debian 3

redos 1

slackware 1

freebsd 1

altlinux 1

photon 7

aix 1

ics 2

gentoo 1

tenable 1

oracle 4

cve

CVE-2022-27782

2022-06-02 14:15:44

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing access restrictions due to [CVE-2022-27782]

2022-11-03 16:40:48

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in cURL libcurl (CVE-2022-27782)

2023-01-12 21:49:39

Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 )

2022-07-25 14:49:55

veracode

Authentication Bypass

2022-05-14 20:51:19

cbl_mariner

CVE-2022-27782 affecting package curl for versions less than 7.83.1-1

2022-07-01 21:02:21

CVE-2022-27782 affecting package curl 7.76.0-9

2022-08-24 22:05:05

nvd

CVE-2022-27782

2022-06-02 14:15:44

ubuntucve

CVE-2022-27782

2022-05-11 00:00:00

CVE-2023-27538

2023-03-20 00:00:00

amazon

Medium: curl

2022-07-06 03:01:00

Medium: curl

2022-12-01 17:33:00

cloudlinux

Fixed CVE-2022-27782 in curl

2022-07-04 19:12:03

hackerone

Internet Bug Bounty: CVE-2022-27782: TLS and SSH connection too eager reuse

2022-05-11 07:20:04

curl: CVE-2022-27782: TLS and SSH connection too eager reuse

2022-05-01 14:44:23

redhatcve

CVE-2022-27782

2022-05-11 07:37:05

debiancve

CVE-2022-27782

2022-06-02 14:15:44

nessus

Amazon Linux 2 : curl (ALAS-2022-1808)

2022-07-15 00:00:00

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2238)

2022-08-17 00:00:00

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2022:1870-1)

2022-05-28 00:00:00

osv

CVE-2022-27782

2022-06-02 14:15:44

curl vulnerabilities

2022-05-11 13:14:58

Moderate: curl security update

2022-06-30 00:00:00

alpinelinux

CVE-2022-27782

2022-06-02 14:15:44

prion

Code injection

2022-06-02 14:15:00

openvas

Mageia: Security Advisory (MGASA-2022-0185)

2022-05-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1870-1)

2022-05-30 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1733-1)

2022-05-19 00:00:00

mageia

Updated curl packages fix security vulnerability

2022-05-15 13:06:40

suse

Security update for curl (important)

2022-05-27 00:00:00

ubuntu

curl vulnerabilities

2022-05-11 00:00:00

cloudfoundry

USN-5412-1: curl vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

redhat

(RHSA-2022:5245) Moderate: curl security update

2022-06-28 08:27:15

(RHSA-2022:5313) Moderate: curl security update

2022-06-28 10:52:02

(RHSA-2022:5699) Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update

2022-07-28 14:39:39

oraclelinux

curl security update

2022-06-30 00:00:00

curl security update

2022-06-30 00:00:00

fedora

[SECURITY] Fedora 36 Update: curl-7.82.0-5.fc36

2022-05-12 20:26:36

[SECURITY] Fedora 34 Update: curl-7.76.1-16.fc34

2022-05-24 01:41:08

[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35

2022-05-18 01:11:50

almalinux

Moderate: curl security update

2022-06-30 00:00:00

rocky

curl security update

2022-06-28 10:52:02

rosalinux

Advisory ROSA-SA-2023-2220

2023-08-22 13:18:19

debian

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:19:47

[SECURITY] [DLA 3085-1] curl security update

2022-08-28 23:00:51

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

redos

ROS-20220524-03

2022-05-24 00:00:00

slackware

[slackware-security] curl

2022-05-11 19:04:46

freebsd

curl -- Multiple vulnerabilities

2022-05-11 00:00:00

altlinux

Security fix for the ALT Linux 10 package curl version 7.83.1-alt1

2022-05-19 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0205

2022-06-27 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0205

2022-06-27 00:00:00

Important Photon OS Security Update - PHSA-2022-0486

2022-06-19 00:00:00

aix

Multiple vulnerabilities cURL libcurl affect AIX

2023-06-29 09:35:59

ics

Siemens RUGGEDCOM ROX

2023-07-13 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

Related for CVELIST:CVE-2022-27782