CVE-2022-27778 — Use of Incorrectly-Resolved Name or Reference in Universal Forwarder

CWE-706 — Use of Incorrectly-Resolved Name or Reference CWE-763 — Release of Invalid Pointer or Reference10 documents9 sources

Severity

8.1HIGHNVD

EPSS

0.9%

top 24.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Splunk Universal Forwarder Oracle Mysql Server +1 more

Timeline

PublishedJun 2

Latest updateJul 15

Description

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

▶NVDsplunk/universal_forwarder8.2.0 — 8.2.12+2

▶Debianhaxx/curl< 7.83.1-1+2

▶NVDoracle/mysql_server8.0.0 — 8.0.29+1

▶NVDhaxx/curl7.83.0

▶CVEListV5https/github.com_curl_curlfixed in 7.83.1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-rh8g-j53h-g8xf: A use of incorrectly resolved name vulnerability fixed in 7↗2022-06-03

▶

OSV

CVE-2022-27778: A use of incorrectly resolved name vulnerability fixed in 7↗2022-06-02

▶

CVEList

CVE-2022-27778: A use of incorrectly resolved name vulnerability fixed in 7↗2022-06-01

▶

📋Vendor Advisories

Oracle

Oracle Oracle MySQL Risk Matrix: Server: Packaging (cURL) — CVE-2022-27778↗2022-07-15

▶

Microsoft

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.↗2022-06-14

▶

Red Hat

curl: removes wrong file on error↗2022-05-11

▶

Debian

CVE-2022-27778: curl - A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove th...↗2022

▶

💬Community

HackerOne

CVE-2022-27778: curl removes wrong file on error↗2022-05-12

▶

HackerOne

CVE-2022-27778: curl removes wrong file on error↗2022-05-11

▶