curl is vulnerable to authentication bypass. The vulnerability exists because curl can reuse a previously created connection even when a TLS or SSH-related option is changed that should be prohibited to reuse.

References

git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-27782

www.openwall.com/lists/oss-security/2023/03/20/6

hackerone.com/reports/1555796

lists.debian.org/debian-lts-announce/2022/08/msg00017.html

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20220609-0009/

www.debian.org/security/2022/dsa-5197

cbl_mariner 2

nvd 1

ibm 19

cve 1

ubuntucve 2

amazon 2

cvelist 1

hackerone 2

prion 1

alpinelinux 1

nessus 46

osv 7

redhatcve 1

cloudlinux 1

debiancve 1

mageia 1

openvas 25

suse 1

cloudfoundry 1

ubuntu 1

redhat 16

oraclelinux 2

rocky 1

almalinux 1

fedora 3

rosalinux 1

debian 3

altlinux 1

slackware 1

freebsd 1

redos 1

photon 7

aix 1

ics 2

gentoo 1

tenable 1

oracle 4

cbl_mariner

CVE-2022-27782 affecting package curl for versions less than 7.83.1-1

2022-07-01 21:02:21

CVE-2022-27782 affecting package curl 7.76.0-9

2022-08-24 22:05:05

nvd

CVE-2022-27782

2022-06-02 14:15:44

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing access restrictions due to [CVE-2022-27782]

2022-11-03 16:40:48

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in cURL libcurl (CVE-2022-27782)

2023-01-12 21:49:39

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)

2022-09-17 02:05:46

cve

CVE-2022-27782

2022-06-02 14:15:44

ubuntucve

CVE-2022-27782

2022-05-11 00:00:00

CVE-2023-27538

2023-03-20 00:00:00

amazon

Medium: curl

2022-07-06 03:01:00

Medium: curl

2022-12-01 17:33:00

cvelist

CVE-2022-27782

2022-06-01 00:00:00

hackerone

curl: CVE-2022-27782: TLS and SSH connection too eager reuse

2022-05-01 14:44:23

Internet Bug Bounty: CVE-2022-27782: TLS and SSH connection too eager reuse

2022-05-11 07:20:04

prion

Code injection

2022-06-02 14:15:00

alpinelinux

CVE-2022-27782

2022-06-02 14:15:44

nessus

Amazon Linux 2 : curl (ALAS-2022-1808)

2022-07-15 00:00:00

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2238)

2022-08-17 00:00:00

SUSE SLES12 Security Update : curl (SUSE-SU-2022:1733-1)

2022-05-19 00:00:00

osv

CVE-2022-27782

2022-06-02 14:15:44

curl vulnerabilities

2022-05-11 13:14:58

Moderate: curl security update

2022-06-28 10:52:02

redhatcve

CVE-2022-27782

2022-05-11 07:37:05

cloudlinux

Fixed CVE-2022-27782 in curl

2022-07-04 19:12:03

debiancve

CVE-2022-27782

2022-06-02 14:15:44

mageia

Updated curl packages fix security vulnerability

2022-05-15 13:06:40

openvas

SUSE: Security Advisory (SUSE-SU-2022:1870-1)

2022-05-30 00:00:00

Mageia: Security Advisory (MGASA-2022-0185)

2022-05-19 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2238)

2022-08-18 00:00:00

suse

Security update for curl (important)

2022-05-27 00:00:00

cloudfoundry

USN-5412-1: curl vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

ubuntu

curl vulnerabilities

2022-05-11 00:00:00

redhat

(RHSA-2022:5313) Moderate: curl security update

2022-06-28 10:52:02

(RHSA-2022:5245) Moderate: curl security update

2022-06-28 08:27:15

(RHSA-2022:5699) Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update

2022-07-28 14:39:39

oraclelinux

curl security update

2022-06-30 00:00:00

curl security update

2022-06-30 00:00:00

rocky

curl security update

2022-06-28 10:52:02

almalinux

Moderate: curl security update

2022-06-30 00:00:00

fedora

[SECURITY] Fedora 36 Update: curl-7.82.0-5.fc36

2022-05-12 20:26:36

[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35

2022-05-18 01:11:50

[SECURITY] Fedora 34 Update: curl-7.76.1-16.fc34

2022-05-24 01:41:08

rosalinux

Advisory ROSA-SA-2023-2220

2023-08-22 13:18:19

debian

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:19:47

[SECURITY] [DLA 3085-1] curl security update

2022-08-28 23:00:51

[SECURITY] [DSA 5197-1] curl security update

2022-08-01 16:58:44

altlinux

Security fix for the ALT Linux 10 package curl version 7.83.1-alt1

2022-05-19 00:00:00

slackware

[slackware-security] curl

2022-05-11 19:04:46

freebsd

curl -- Multiple vulnerabilities

2022-05-11 00:00:00

redos

ROS-20220524-03

2022-05-24 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0205

2022-06-27 00:00:00

Important Photon OS Security Update - PHSA-2022-0486

2022-06-19 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0205

2022-06-27 00:00:00

aix

Multiple vulnerabilities cURL libcurl affect AIX

2023-06-29 09:35:59

ics

Siemens RUGGEDCOM ROX

2023-07-13 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.002

Percentile

56.7%

JSON

Related for VERACODE:35527