When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.

CPENameOperatorVersion
macoslt13.0
debian_linuxeq11.0
fedoraeq35
curlge7.69.0
curllt7.84.0

Name	Operator	Version
macos	lt	13.0
debian_linux	eq	11.0
fedora	eq	35
curl	ge	7.69.0
curl	lt	7.84.0

References

seclists.org/fulldisclosure/2022/Oct/28

seclists.org/fulldisclosure/2022/Oct/41

hackerone.com/reports/1573634

lists.fedoraproject.org/archives/list/[email protected]/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20220915-0003/

support.apple.com/kb/HT213488

www.debian.org/security/2022/dsa-5197

ubuntucve 1

cve 1

hackerone 2

veracode 1

alpinelinux 1

cbl_mariner 2

nvd 1

osv 5

debiancve 1

redhatcve 1

nessus 29

cvelist 1

rocky 1

almalinux 1

oraclelinux 1

redhat 3

slackware 1

openvas 17

cloudfoundry 1

freebsd 1

mageia 1

photon 5

fedora 2

ubuntu 1

suse 1

ibm 9

amazon 1

ics 5

debian 1

gentoo 1

apple 1

tenable 1

oracle 1

ubuntucve

CVE-2022-32207

2022-06-27 00:00:00

cve

CVE-2022-32207

2022-07-07 13:15:08

hackerone

Internet Bug Bounty: CVE-2022-32207: Unpreserved file permissions

2022-06-27 07:07:21

curl: CVE-2022-32207: Unpreserved file permissions

2022-05-17 17:28:53

veracode

Privilege Escalation

2022-07-01 13:39:27

alpinelinux

CVE-2022-32207

2022-07-07 13:15:08

cbl_mariner

CVE-2022-32207 affecting package curl 7.76.0-9

2022-08-24 22:05:05

CVE-2022-32207 affecting package curl for versions less than 7.84.0-1

2022-08-03 21:15:00

nvd

CVE-2022-32207

2022-07-07 13:15:08

osv

CVE-2022-32207

2022-07-07 13:15:08

Moderate: curl security update

2022-08-24 14:56:48

Moderate: curl security update

2022-08-24 00:00:00

debiancve

CVE-2022-32207

2022-07-07 13:15:08

redhatcve

CVE-2022-32207

2022-06-28 03:35:45

nessus

CBL Mariner 2.0 Security Update: curl (CVE-2022-32207)

2023-03-20 00:00:00

Siemens SCALANCE XCM332 Incorrect Default Permissions (CVE-2022-32207)

2023-05-02 00:00:00

Rocky Linux 9 : curl (RLSA-2022:6157)

2023-11-07 00:00:00

cvelist

CVE-2022-32207

2022-07-07 00:00:00

rocky

curl security update

2022-08-24 14:56:48

almalinux

Moderate: curl security update

2022-08-24 00:00:00

oraclelinux

curl security update

2022-08-25 00:00:00

redhat

(RHSA-2022:6157) Moderate: curl security update

2022-08-24 14:56:48

(RHSA-2022:8840) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

2022-12-08 12:59:13

(RHSA-2022:8841) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

2022-12-08 13:15:43

slackware

[slackware-security] curl

2022-06-28 19:27:52

openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2426)

2022-10-10 00:00:00

Fedora: Security Advisory for curl (FEDORA-2022-8bd3bf5b40)

2022-07-02 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2305-1)

2022-07-07 00:00:00

cloudfoundry

USN-5495-1: curl vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

freebsd

cURL -- Multiple vulnerabilities

2022-06-27 00:00:00

mageia

Updated curl packages fix security vulnerability

2022-07-05 22:11:26

photon

Moderate Photon OS Security Update - PHSA-2022-0412

2022-06-30 00:00:00

Moderate Photon OS Security Update - PHSA-2022-0491

2022-06-30 00:00:00

Critical Photon OS Security Update - PHSA-2022-3.0-0412

2022-06-30 00:00:00

fedora

[SECURITY] Fedora 35 Update: curl-7.79.1-5.fc35

2022-07-15 01:36:25

[SECURITY] Fedora 36 Update: curl-7.82.0-6.fc36

2022-07-01 01:09:59

ubuntu

curl vulnerabilities

2022-06-27 00:00:00

suse

Security update for curl (important)

2022-07-06 00:00:00

ibm

Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)

2022-10-06 04:10:57

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

2023-01-19 20:14:45

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )

2023-01-31 14:06:26

amazon

Medium: curl

2022-10-31 19:40:00

ics

Siemens SCALANCE XCM332

2023-04-13 12:00:00

Siemens RUGGEDCOM ROX

2023-07-13 12:00:00

Siemens SINAMICS Medium Voltage Products

2023-06-15 12:00:00

debian

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

apple

About the security content of macOS Ventura 13

2022-10-24 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for PRION:CVE-2022-32207