CVE-2022-27781
Published: 2022-06-02
Priority: P434 · Severity: high · CVSS 3.1: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.08% (23.3rd percentile)
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Affected (21 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.83.1-1 (bookworm) | curl 7.83.1-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| haxx | curl | < 7.83.1 | 7.83.1 |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u2 |
| haxx | curl | >= 0 < 7.83.1-1 | 7.83.1-1 |
| haxx | curl | >= 0 < 7.83.1-1 | 7.83.1-1 |
| haxx | curl | >= 0 < 7.83.1-1 | 7.83.1-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.18 | 7.58.0-2ubuntu3.18 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.11 | 7.68.0-1ubuntu2.11 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.2 | 7.81.0-1ubuntu1.2 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm11 | 7.35.0-1ubuntu2.20+esm11 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.19+esm4 | 7.47.0-1ubuntu2.19+esm4 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_curl_7.83.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.84.0-1_on_cbl_mariner_1.0 | — | — |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (CVSS v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD (CVSS v2.0) | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| OSV | 7.5 | HIGH | — |
| vendor_debian | 7.5 | HIGH | — |
| vendor_msrc | 7.5 | HIGH | — |
| vendor_redhat | 7.5 | HIGH | — |
| vendor_ubuntu | 7.5 | HIGH | — |
CISA ICS
Siemens RUGGEDCOM ROX
cisa_ics·2023-07-13
ICS Advisory: Siemens RUGGEDCOM ROX
Release Date: July 13, 2023
Alert Code: ICSA-23-194-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM ROX
- Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate Encryption Strength, Use of a Broken or Risky Cryptographic Algorithm.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to send a malformed HTTP packet c
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-07-01·CVSS 7.5
CVE-2022-32208 [HIGH]
Summary: Several security issues were fixed in curl.
Florian Kohnhäuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB
messages. An attacker could possibly use this to perform a
machine-in-the-middle attack. (CVE-2022-32208)
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details about a server's certificate chain
vendor_msrc·2022-06-14·CVSS 7.5
CVE-2022-27781 [HIGH] CWE-835
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this bl
Red Hat
curl: CERTINFO never-ending busy-loop
vendor_redhat·2022-05-11·CVSS 7.5
CVE-2022-27781 [HIGH] CWE-835
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability.
Statement: Red Hat Enterprise Linux 8 and 9 are not affected because our build of curl does not use NSS for TLS.
Package: rh-dotnet31-curl (.NET Core 3.1 on
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-05-11·CVSS 7.5
CVE-2022-27780 [HIGH]
Summary: Several security issues were fixed in curl.
Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)
Florian Kohnhäuser discovered that curl incorrectly handled returning a
TLS server's certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)
Instructions: In general, a standard syste
Debian
CVE-2022-27781: curl
vendor_debian·2022·CVSS 7.5
CVE-2022-27781 [HIGH]
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Scope: local
bookworm: resolved (fixed in 7.83.1-1)
bullseye: resolved (fixed in 7.74.0-1.3+deb11u2)
forky: resolved (fixed in 7.83.1-1)
sid: resolved (fixed in 7.83.1-1)
trixie: resolved (fixed in 7.83.1-1)
OSV
curl vulnerabilities
osv·2022-07-01·CVSS 7.5
CVE-2022-27781 [HIGH]
Florian Kohnhäuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB
messages. An attacker could possibly use this to perform a
machine-in-the-middle attack. (CVE-2022-32208)
GHSA
GHSA-xgr5-38f7-xqvv
ghsa_unreviewed·2022-06-03
CVE-2022-27781 [HIGH] CWE-400
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
OSV
CVE-2022-27781
osv·2022-06-02·CVSS 7.5
CVE-2022-27781 [HIGH]
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
OSV
CVE-2022-27781
osv·2022-05-11·CVSS 7.5
CVE-2022-27781 [HIGH]
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
OSV
curl vulnerabilities
osv·2022-05-11·CVSS 7.5
CVE-2022-27780 [HIGH]
Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)
Florian Kohnhäuser discovered that curl incorrectly handled returning a
TLS server's certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2022-27781: CERTINFO never-ending busy-loop
hackerone·2022-07-24·CVSS 7.5
CVE-2022-27781 [HIGH]
Published Advisory: https://curl.se/docs/CVE-2022-27781.html
Original Report: https://hackerone.com/reports/1555441
## Impact
Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
CERTINFO never-ending busy-loop
Project curl Security Advisory, May 11 2022
VULNERABILITY
libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a TLS server's certificate chain.
Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
We are not aware of any exploit of this flaw.
INFO
This flaw
HackerOne
CVE-2022-27781: CERTINFO never-ending busy-loop
hackerone·2022-05-16·CVSS 7.5
CVE-2022-27781 [HIGH]
## Summary:
Curl is prone to a DoS attack in case the NSS TLS library is used and the CERTINFO option is enabled. Using maliciously crafted certificates on a server, an attacker can make curl run into an endless loop when connecting to the server. The bug is located in the following code segment (https://github.com/curl/curl/blob/master/lib/vtls/nss.c#L1014):
```c
/* Count certificates in chain. */
int i = 1;
now = PR_Now();
if(!cert->isRoot) {
  cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
  /* The loop ends only when an issuer is flagged as root or when no
     issuer is found; nothing bounds the number of iterations. */
  while(cert2) {
    i++;
    if(cert2->isRoot) {
      CERT_DestroyCertificate(cert2);
      break;
    }
    cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA);
    CERT_DestroyCertificate(cert2);
    cert2 = cert3;
  }
}
```
When CERTINFO is set, display_conn_info() executes t
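The walk quoted in the report terminates only when `CERT_FindCertIssuer` returns NULL or an issuer is flagged as root, so a server-supplied chain whose issuer links never reach a root keeps it spinning. The following is an added example, not code from curl, NSS or the reporter: the same chain-counting walk over a simplified in-memory certificate model, with a depth cap and a revisit check so that it terminates for every input. The `cert` struct, the `MAX_CHAIN_LEN` bound and the three sample chains are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed bound on a sane chain depth; this value is a choice of the example. */
#define MAX_CHAIN_LEN 16

/* Minimal in-memory model of a certificate (not an NSS type). "subject"
 * doubles as the certificate's identity and "issuer" stands in for what an
 * issuer lookup such as CERT_FindCertIssuer() would return. */
typedef struct cert {
    const char *subject;
    int isRoot;
    struct cert *issuer;
} cert;

/* Walk the issuer chain from leaf and return the number of certificates in
 * it (leaf included), or -1 when the walk exceeds MAX_CHAIN_LEN or revisits
 * a certificate. Unlike the loop quoted in the report, every path out of the
 * loop is reached after a bounded number of steps. */
int count_chain_bounded(const cert *leaf)
{
    const char *seen[MAX_CHAIN_LEN];
    int n = 0;
    const cert *c = leaf;

    while (c) {
        if (n >= MAX_CHAIN_LEN)
            return -1;                       /* chain deeper than the bound */
        for (int k = 0; k < n; k++)
            if (strcmp(seen[k], c->subject) == 0)
                return -1;                   /* issuer links form a cycle */
        seen[n++] = c->subject;
        if (c->isRoot)
            break;                           /* trust anchor reached */
        c = c->issuer;                       /* NULL: no issuer found */
    }
    return n;
}

/* Constructed sample data: a well-formed three-certificate chain. */
static cert root  = { "CN=Example Root", 1, NULL };
static cert inter = { "CN=Example Intermediate", 0, &root };
static cert leaf  = { "CN=example.test", 0, &inter };

const cert *normal_chain(void) { return &leaf; }

/* Constructed: two intermediates naming each other as issuer, no root. */
static cert cyc_leaf, cyc_a, cyc_b;
const cert *cyclic_chain(void)
{
    cyc_a    = (cert){ "CN=Cycle A", 0, &cyc_b };
    cyc_b    = (cert){ "CN=Cycle B", 0, &cyc_a };
    cyc_leaf = (cert){ "CN=cycle.test", 0, &cyc_a };
    return &cyc_leaf;
}

/* Constructed: distinct certificates chained deeper than the bound, no root. */
#define DEEP_LEN (MAX_CHAIN_LEN + 4)
static cert deep[DEEP_LEN];
static char deep_names[DEEP_LEN][32];
const cert *deep_chain(void)
{
    for (int k = 0; k < DEEP_LEN; k++) {
        snprintf(deep_names[k], sizeof deep_names[k], "CN=Deep %d", k);
        deep[k] = (cert){ deep_names[k], 0,
                          (k + 1 < DEEP_LEN) ? &deep[k + 1] : NULL };
    }
    return &deep[0];
}

int main(void)
{
    printf("normal chain:   %d\n", count_chain_bounded(normal_chain()));  /* 3 */
    printf("cyclic chain:   %d\n", count_chain_bounded(cyclic_chain()));  /* -1 */
    printf("overlong chain: %d\n", count_chain_bounded(deep_chain()));    /* -1 */
    return 0;
}
```

The revisit check compares subjects because, in the real NSS API, each issuer lookup hands back a fresh reference, so pointer identity would not detect a cycle; the depth cap covers chains that are merely too long to be plausible. A caller that receives -1 should treat the chain as malformed and skip certificate-info collection rather than keep walking.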
References:
- https://hackerone.com/reports/1555441
- https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220609-0009/
- https://www.debian.org/security/2022/dsa-5197