CVE-2022-27775Sensitive Information Exposure in Curl

CWE-200Sensitive Information Exposure11 documents9 sources
Severity
7.5HIGHNVD
OSV8.1
EPSS
0.2%
top 64.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Haxx CurlSplunk Universal ForwarderHttps Github.com Curl Curl+1 more
Timeline
PublishedJun 2
Latest updateJun 14

Description

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

Debianhaxx/curl< 7.74.0-1.3+deb11u2+3
Ubuntuhaxx/curl< 7.58.0-2ubuntu3.17+2
NVDhaxx/curl7.65.07.82.0
CVEListV5https/github.com_curl_curlcurl 7.65.0 to 7.82.0 are vulnerable
NVDsplunk/universal_forwarder8.2.08.2.12+2

Also affects: Debian Linux 11.0

🔴Vulnerability Details

4
GHSA
GHSA-fx56-rj7x-688m: An information disclosure vulnerability exists in curl 72022-06-03
OSV
CVE-2022-27775: An information disclosure vulnerability exists in curl 72022-06-02
CVEList
CVE-2022-27775: An information disclosure vulnerability exists in curl 72022-06-01
OSV
curl vulnerabilities2022-04-28

📋Vendor Advisories

4
Microsoft
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a conne2022-06-14
Ubuntu
curl vulnerabilities2022-04-28
Red Hat
curl: bad local IPv6 connection reuse2022-04-27
Debian
CVE-2022-27775: curl - An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vuln...2022

💬Community

2
HackerOne
CVE-2022-27775: Bad local IPv6 connection reuse2022-04-29
HackerOne
CVE-2022-27775: Bad local IPv6 connection reuse2022-04-27
CVE-2022-27775 — Sensitive Information Exposure in Curl | cvebase