curl is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library erroneously uses the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, allowing an attacker to crash the application through the malicious POST request.

References

seclists.org/fulldisclosure/2023/Jan/19

seclists.org/fulldisclosure/2023/Jan/20

www.openwall.com/lists/oss-security/2023/05/17/4

hackerone.com/reports/1704017

lists.debian.org/debian-lts-announce/2023/01/msg00028.html

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.15/main.yaml

secdb.alpinelinux.org/v3.16/main.yaml

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20230110-0006/

security.netapp.com/advisory/ntap-20230208-0002/

support.apple.com/kb/HT213604

support.apple.com/kb/HT213605

www.debian.org/security/2023/dsa-5330

osv 10

nessus 55

cvelist 1

openvas 40

redhat 4

cgr 1

prion 1

ibm 12

nvd 1

rocky 1

suse 2

redhatcve 1

cbl_mariner 1

ubuntu 3

debiancve 1

wolfi 1

almalinux 1

mageia 1

oraclelinux 1

aix 1

alpinelinux 1

cloudlinux 1

hackerone 3

ubuntucve 1

cve 1

redos 1

debian 2

fedora 3

amazon 1

freebsd 2

cloudfoundry 2

slackware 1

rosalinux 1

ics 2

apple 2

gentoo 1

photon 1

tenable 1

oracle 1

osv

Moderate: curl security update

2023-01-23 00:00:00

CGA-qg75-rj75-6cj6

2024-06-06 12:29:03

POST following PUT confusion

2022-10-26 08:00:00

nessus

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1351)

2023-02-10 00:00:00

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2022:3773-1)

2022-10-27 00:00:00

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1095)

2023-01-06 00:00:00

cvelist

CVE-2022-32221

2022-12-05 00:00:00

openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1715)

2023-05-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3769-1)

2022-10-27 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1496)

2023-03-09 00:00:00

redhat

(RHSA-2023:0333) Moderate: curl security update

2023-01-23 14:30:22

(RHSA-2023:4139) Moderate: curl security update

2023-07-18 07:24:38

(RHSA-2022:8840) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

2022-12-08 12:59:13

cgr

CVE-2022-32221 vulnerabilities

2024-05-19 03:07:16

prion

Design/Logic Flaw

2022-12-05 22:15:00

ibm

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in libcurl (CVE-2022-32221)

2023-05-17 22:25:05

Security Bulletin: AIX is vulnerable to security restrictions bypass due to curl (CVE-2022-32221)

2023-05-26 16:05:20

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to security restrictions bypass due to [CVE-2022-32221], [CVE-2023-27533], [CVE-2023-28322]

2023-07-20 15:15:02

nvd

CVE-2022-32221

2022-12-05 22:15:10

rocky

curl security update

2023-01-23 14:30:22

suse

Security update for curl (important)

2022-10-26 00:00:00

Security update for curl (important)

2022-10-27 00:00:00

redhatcve

CVE-2022-32221

2022-10-26 14:23:07

cbl_mariner

CVE-2022-32221 affecting package tensorflow for versions less than 2.16.1-1

2024-04-17 22:02:46

ubuntu

curl vulnerability

2022-10-26 00:00:00

curl vulnerabilities

2022-10-26 00:00:00

MySQL vulnerabilities

2023-01-24 00:00:00

debiancve

CVE-2022-32221

2022-12-05 22:15:10

wolfi

CVE-2022-32221 vulnerabilities

2024-09-20 21:14:10

almalinux

Moderate: curl security update

2023-01-23 00:00:00

mageia

Updated curl packages fix security vulnerability

2022-11-02 01:58:59

oraclelinux

curl security update

2023-01-24 00:00:00

aix

AIX is vulnerable to security restrictions bypass due to curl

2023-05-26 09:26:13

alpinelinux

CVE-2022-32221

2022-12-05 22:15:10

cloudlinux

curl: Fix of CVE-2022-32221

2022-12-15 17:42:45

hackerone

Internet Bug Bounty: POST following PUT confusion

2022-10-26 14:34:05

curl: CVE-2022-32221: POST following PUT confusion

2022-09-18 23:27:44

curl: CVE-2023-28322: more POST-after-PUT confusion

2023-04-19 13:43:09

ubuntucve

CVE-2022-32221

2022-10-26 00:00:00

cve

CVE-2022-32221

2022-12-05 22:15:10

redos

ROS-20221222-02

2022-12-22 00:00:00

debian

[SECURITY] [DSA 5330-1] curl security update

2023-01-27 17:53:54

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:19:47

fedora

[SECURITY] Fedora 36 Update: curl-7.82.0-9.fc36

2022-10-30 21:00:40

[SECURITY] Fedora 35 Update: curl-7.79.1-7.fc35

2022-11-10 16:21:52

[SECURITY] Fedora 37 Update: curl-7.85.0-2.fc37

2022-11-10 22:54:26

amazon

Medium: curl

2022-12-01 20:31:00

freebsd

curl -- multiple vulnerabilities

2022-10-26 00:00:00

MySQL -- Multiple vulnerabilities

2023-01-20 00:00:00

cloudfoundry

USN-5702-1: curl vulnerabilities | Cloud Foundry

2023-05-18 00:00:00

USN-5823-1: MySQL vulnerabilities | Cloud Foundry

2023-02-03 00:00:00

slackware

[slackware-security] curl

2022-10-27 02:30:21

rosalinux

Advisory ROSA-SA-2024-2411

2024-05-02 09:04:51

ics

Siemens SINEC NMS Third-Party

2023-05-11 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

apple

About the security content of macOS Monterey 12.6.3

2023-01-23 00:00:00

About the security content of macOS Ventura 13.2

2023-01-23 00:00:00

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0603

2023-06-26 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.008

Percentile

81.3%

JSON

Related for VERACODE:37716