libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server’s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
curllt7.83.1

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
curl	lt	7.83.1

References

hackerone.com/reports/1555441

lists.debian.org/debian-lts-announce/2022/08/msg00017.html

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20220609-0009/

www.debian.org/security/2022/dsa-5197

cnvd 1

veracode 1

alpinelinux 1

cvelist 1

debiancve 1

cve 1

hackerone 2

osv 5

cbl_mariner 2

redhatcve 1

ubuntucve 1

nvd 1

nessus 29

openvas 22

mageia 1

suse 1

ubuntu 2

cloudfoundry 1

amazon 2

redos 1

rosalinux 1

slackware 1

freebsd 1

altlinux 1

photon 6

ibm 11

debian 2

redhat 2

ics 2

gentoo 1

tenable 1

oracle 4

cnvd

curl denial-of-service vulnerability (CNVD-2022-70596)

2022-05-13 00:00:00

veracode

Denial Of Service (DoS)

2022-05-14 20:51:18

alpinelinux

CVE-2022-27781

2022-06-02 14:15:44

cvelist

CVE-2022-27781

2022-06-01 00:00:00

debiancve

CVE-2022-27781

2022-06-02 14:15:44

cve

CVE-2022-27781

2022-06-02 14:15:44

hackerone

curl: CVE-2022-27781: CERTINFO never-ending busy-loop

2022-04-30 19:24:14

Internet Bug Bounty: CVE-2022-27781: CERTINFO never-ending busy-loop

2022-06-18 17:59:48

osv

CVE-2022-27781

2022-06-02 14:15:44

curl vulnerabilities

2022-07-01 02:04:04

curl vulnerabilities

2022-05-11 13:14:58

cbl_mariner

CVE-2022-27781 affecting package curl 7.76.0-9

2022-08-24 22:05:05

CVE-2022-27781 affecting package curl for versions less than 7.83.1-1

2022-07-01 21:02:21

redhatcve

CVE-2022-27781

2022-05-11 08:01:39

ubuntucve

CVE-2022-27781

2022-05-11 00:00:00

nvd

CVE-2022-27781

2022-06-02 14:15:44

nessus

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2238)

2022-08-17 00:00:00

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2022:1870-1)

2022-05-28 00:00:00

Ubuntu 16.04 ESM : curl vulnerabilities (USN-5499-1)

2022-07-01 00:00:00

openvas

Mageia: Security Advisory (MGASA-2022-0185)

2022-05-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1870-1)

2022-05-30 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1733-1)

2022-05-19 00:00:00

mageia

Updated curl packages fix security vulnerability

2022-05-15 13:06:40

suse

Security update for curl (important)

2022-05-27 00:00:00

ubuntu

curl vulnerabilities

2022-07-01 00:00:00

curl vulnerabilities

2022-05-11 00:00:00

cloudfoundry

USN-5412-1: curl vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

amazon

Medium: curl

2023-01-30 16:02:00

Medium: curl

2022-12-01 17:33:00

redos

ROS-20220524-03

2022-05-24 00:00:00

rosalinux

Advisory ROSA-SA-2024-2411

2024-05-02 09:04:51

slackware

[slackware-security] curl

2022-05-11 19:04:46

freebsd

curl -- Multiple vulnerabilities

2022-05-11 00:00:00

altlinux

Security fix for the ALT Linux 10 package curl version 7.83.1-alt1

2022-05-19 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0205

2022-06-27 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0205

2022-06-27 00:00:00

Important Photon OS Security Update - PHSA-2022-0486

2022-06-19 00:00:00

ibm

Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities

2022-10-06 04:10:57

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

2022-09-23 22:05:12

Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

2022-09-19 22:54:30

debian

[SECURITY] [DLA 3085-1] curl security update

2022-08-28 23:00:51

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

redhat

(RHSA-2022:8840) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

2022-12-08 12:59:13

(RHSA-2022:8841) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

2022-12-08 13:15:43

ics

Siemens RUGGEDCOM ROX

2023-07-13 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for PRION:CVE-2022-27781