CVE-2022-27782
Published 2022-06-02
Priority P3 · 37 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.47%
65.1th percentile
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.83.1-1 (bookworm) | curl 7.83.1-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| haxx | curl | < 7.83.1 | 7.83.1 |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u2 |
| haxx | curl | >= 0 < 7.83.1-1 | 7.83.1-1 |
| haxx | curl | >= 0 < 7.83.1-1 | 7.83.1-1 |
| haxx | curl | >= 0 < 7.83.1-1 | 7.83.1-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.18 | 7.58.0-2ubuntu3.18 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.11 | 7.68.0-1ubuntu2.11 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.2 | 7.81.0-1ubuntu1.2 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_curl_7.83.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.84.0-1_on_cbl_mariner_1.0 | — | — |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
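| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_oracle | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |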
GHSA
GHSA-x38v-8q6p-w65c: libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse
ghsa_unreviewed·2022-06-03
CVE-2022-27782 [HIGH] CWE-295 GHSA-x38v-8q6p-w65c: libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
OSV
CVE-2022-27782: libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse
osv·2022-06-02·CVSS 7.5
CVE-2022-27782 [HIGH] CVE-2022-27782: libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
OSV
curl vulnerabilities
osv·2022-05-11·CVSS 7.5
CVE-2022-27780 [HIGH] curl vulnerabilities
curl vulnerabilities
Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)
Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server's certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)
CISA ICS
Siemens RUGGEDCOM ROX
cisa_ics·2023-07-13
Siemens RUGGEDCOM ROX
ICS Advisory
## Siemens RUGGEDCOM ROX
Release Date: July 13, 2023
Alert Code: ICSA-23-194-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM ROX
- Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate Encryption Strength, Use of a Broken or Risky Cryptographic Algorithm.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to send a malformed HTTP packet c
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (cURL) — CVE-2022-27782
vendor_oracle·2023-01-15·CVSS 7.5
CVE-2022-27782 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (cURL) — CVE-2022-27782
Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (cURL) vulnerability
CVE: CVE-2022-27782
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (cURL) — CVE-2022-27782
vendor_oracle·2022-10-15·CVSS 7.5
CVE-2022-27782 [HIGH] Oracle Oracle Communications Risk Matrix: Configuration (cURL) — CVE-2022-27782
Oracle Oracle Communications Risk Matrix: Configuration (cURL) vulnerability
CVE: CVE-2022-27782
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2022 (OCT 2022)
Microsoft
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection po
vendor_msrc·2022-06-14·CVSS 7.5
CVE-2022-27782 [HIGH] CWE-295 libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection po
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However several TLS and SSH settings were left out from the configuration match checks making them match too easily.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpar
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-05-11·CVSS 7.5
CVE-2022-27780 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)
Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server's certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)
Instructions: In general, a standard syste
Red Hat
curl: TLS and SSH connection too eager reuse
vendor_redhat·2022-05-11·CVSS 7.5
CVE-2022-27782 [HIGH] CWE-295 curl: TLS and SSH connection too eager reuse
curl: TLS and SSH connection too eager reuse
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
A vulnerability was found in curl. This issue occurs because curl can reuse a previously created connection even when a TLS or SSH-related option is changed that should have prohibited reuse. This flaw leads to an authentication bypass, either by mistake or by a malicious actor.
Package: rh-dotnet31-curl (.NET Core 3.1 on Red Hat Enterprise Linux) - Out of suppor
Debian
CVE-2022-27782: curl - libcurl would reuse a previously created connection even when a TLS or SSH relate...
vendor_debian·2022·CVSS 7.5
CVE-2022-27782 [HIGH] CVE-2022-27782: curl - libcurl would reuse a previously created connection even when a TLS or SSH relate...
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Scope: local
bookworm: resolved (fixed in 7.83.1-1)
bullseye: resolved (fixed in 7.74.0-1.3+deb11u2)
forky: resolved (fixed in 7.83.1-1)
sid: resolved (fixed in 7.83.1-1)
trixie: resolved (fixed in 7.83.1-1)
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2022-27782: TLS and SSH connection too eager reuse
hackerone·2022-05-12·CVSS 7.5
CVE-2022-27782 [HIGH] CVE-2022-27782: TLS and SSH connection too eager reuse
CVE-2022-27782: TLS and SSH connection too eager reuse
## Summary:
Curl fails to consider some security related options when reusing TLS connections. For example:
# TLS
CURLOPT_SSL_OPTIONS
CURLOPT_PROXY_SSL_OPTIONS
CURLOPT_CRLFILE
CURLOPT_PROXY_CRLFILE
CURLOPT_TLSAUTH_TYPE
CURLOPT_TLSAUTH_USERNAME
CURLOPT_TLSAUTH_PASSWORD
CURLOPT_PROXY_TLSAUTH_TYPE
CURLOPT_PROXY_TLSAUTH_USERNAME
CURLOPT_PROXY_TLSAUTH_PASSWORD
As a result, for example, a TLS connection with lower security (`CURLSSLOPT_ALLOW_BEAST`, `CURLSSLOPT_NO_REVOKE`) is reused when it should no longer be. Also, a connection that has been authenticated previously with `CURLSSLOPT_AUTO_CLIENT_CERT` might be reused for connections that should not be.
# SSH
CURLOPT_SSH_PUBLIC_KEYFILE
CURLOPT_SSH_PRIVATE_KEYFILE
If the attacker knows
HackerOne
CVE-2022-27782: TLS and SSH connection too eager reuse
hackerone·2022-05-11·CVSS 7.5
CVE-2022-27782 [HIGH] CVE-2022-27782: TLS and SSH connection too eager reuse
CVE-2022-27782: TLS and SSH connection too eager reuse
## Summary:
Curl fails to consider some security related options when reusing TLS connections. For example:
- CURLOPT_SSL_OPTIONS
- CURLOPT_PROXY_SSL_OPTIONS
- CURLOPT_CRLFILE
- CURLOPT_PROXY_CRLFILE
As a result, for example, a TLS connection with lower security (`CURLSSLOPT_ALLOW_BEAST`, `CURLSSLOPT_NO_REVOKE`) is reused when it should no longer be. Also, a connection that has been authenticated previously with `CURLSSLOPT_AUTO_CLIENT_CERT` might be reused for connections that should not be.
## Steps To Reproduce:
1. `(echo -ne "HTTP/1.1 200 OK\r\nContent-Length: 6\r\n\r\nHello\n"; sleep 5; echo -ne "HTTP/1.1 200 OK\r\nContent-Length: 6\r\n\r\nAgain\n") | openssl s_server -cert cert.pem -key privkey.pem -cert_chain chain.pem -acce
- http://www.openwall.com/lists/oss-security/2023/03/20/6
- https://hackerone.com/reports/1555796
- https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20220609-0009/
- https://www.debian.org/security/2022/dsa-5197
2022-06-02
Published