Lucene search

K

Veracode Vulnerability DatabaseVERACODE:37712

HistoryOct 28, 2022 - 9:03 a.m.

Double Free

2022-10-2809:03:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

17

curl

vulnerability

http proxy

non-http url

double free

0.009 Low

EPSS

Percentile

83.0%

Curl is vulnerable to double free. The vulnerability is due to the use of HTTP proxy for a transfer with a non-HTTP(S) URL which allows an attacker to trigger a double free.

CPENameOperatorVersion
curl:edgeeq7.78.0-r2
curl:edgeeq7.83.1-r1
curl:edgeeq7.77.0-r0
curl:edgeeq7.83.0-r0
curl:edgeeq7.80.0-r0
curl:edgeeq7.79.0-r0
curl:edgeeq7.85.0-r0
curl:edgeeq7.82.0-r0
curl:edgeeq7.79.1-r0
curl:edgeeq7.84.0-r1

Rows per page:

1-10 of 4361

References

seclists.org/fulldisclosure/2023/Jan/19

seclists.org/fulldisclosure/2023/Jan/20

curl.se/docs/CVE-2022-42915.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/

lists.fedoraproject.org/archives/list/[email protected]/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/

lists.fedoraproject.org/archives/list/[email protected]/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/

lists.fedoraproject.org/archives/list/[email protected]/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.15/main.yaml

secdb.alpinelinux.org/v3.16/main.yaml

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20221209-0010/

support.apple.com/kb/HT213604

support.apple.com/kb/HT213605

0.009 Low

EPSS

Percentile

83.0%

Related for VERACODE:37712