CVE-2022-32208
Published: 2022-07-07
Priority: P3 (35) · medium · 5.9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 5.59% (91.9th percentile)
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 13.0 | 13.0 |
| apple | macos_ventura | — | — |
| debian | curl | < curl 7.84.0-1 (bookworm) | curl 7.84.0-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u2 | 7.74.0-1.3+deb11u2 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.84.0-1 | 7.84.0-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.19 | 7.58.0-2ubuntu3.19 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.12 | 7.68.0-1ubuntu2.12 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.3 | 7.81.0-1ubuntu1.3 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.21 | 7.81.0-1ubuntu1.21 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm11 | 7.35.0-1ubuntu2.20+esm11 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.19+esm4 | 7.47.0-1ubuntu2.19+esm4 |
| haxx | curl | >= 7.16.4 < 7.84.0 | 7.84.0 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_curl_7.84.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.84.0-1_on_cbl_mariner_1.0 | — | — |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 5.9 | MEDIUM | — |
| vendor_msrc | — | 5.9 | MEDIUM | — |
| vendor_redhat | — | 5.9 | MEDIUM | — |
Ubuntu
curl regression
vendor_ubuntu·2025-09-29·CVSS 4.3
CVE-2022-32205 [MEDIUM] curl regression
Title: curl regression
Summary: USN-5495-1 introduced a regression in curl
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
CISA ICS
Siemens SCALANCE XCM332
cisa_ics·2023-04-13·CVSS 7.5
[HIGH] Siemens SCALANCE XCM332
ICS Advisory
Siemens SCALANCE XCM332
Release Date: April 13, 2023
Alert Code: ICSA-23-103-09
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM332
- Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-
Apple
CVE-2022-32208: macOS Ventura 13
vendor_apple·2022-10-24·CVSS 5.9
CVE-2022-32208 [MEDIUM] CVE-2022-32208: macOS Ventura 13
Apple Security Update: About the security content of macOS Ventura 13
Product: macOS Ventura
Version: 13
CVE: CVE-2022-32208
Component: CVE-2022-32208
Microsoft
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
vendor_msrc·2022-07-12·CVSS 5.9
CVE-2022-32208 [MEDIUM] CWE-787 When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Tags: Mariner, hackerone
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutor
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-07-01·CVSS 7.5
CVE-2022-32208 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Florian Kohnhäuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB
messages. An attacker could possibly use this to perform a
machine-in-the-middle attack. (CVE-2022-32208)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-06-27·CVSS 4.3
CVE-2022-32207 [MEDIUM] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possi
Red Hat
curl: FTP-KRB bad message verification
vendor_redhat·2022-06-27·CVSS 5.9
CVE-2022-32208 [MEDIUM] CWE-924 curl: FTP-KRB bad message verification
curl: FTP-KRB bad message verification
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.
Package: rh-dotnet31-curl (.NET Core 3.1 on Red Hat Enterprise Linux) - Out of support scope
Package: curl (Red Hat Enterprise Linux 6) - Out of support scope
Package: curl (Red Hat Enterprise Linux 7) - Out of support scope
Package: httpd24-curl (Red Hat S
Debian
CVE-2022-32208: curl - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verifi...
vendor_debian·2022·CVSS 5.9
CVE-2022-32208 [MEDIUM] CVE-2022-32208: curl - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verifi...
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Scope: local
bookworm: resolved (fixed in 7.84.0-1)
bullseye: resolved (fixed in 7.74.0-1.3+deb11u2)
forky: resolved (fixed in 7.84.0-1)
sid: resolved (fixed in 7.84.0-1)
trixie: resolved (fixed in 7.84.0-1)
OSV
curl regression
osv·2025-09-29·CVSS 4.3
CVE-2022-32205 [MEDIUM] curl regression
curl regression
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS.
GHSA
GHSA-gfg8-2cqc-6cmc: When curl < 7
ghsa_unreviewed·2022-07-08
CVE-2022-32208 [MEDIUM] CWE-787 GHSA-gfg8-2cqc-6cmc: When curl < 7
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
OSV
CVE-2022-32208: When curl < 7
osv·2022-07-07·CVSS 5.9
CVE-2022-32208 [MEDIUM] CVE-2022-32208: When curl < 7
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
OSV
curl vulnerabilities
osv·2022-07-01·CVSS 7.5
CVE-2022-27781 [HIGH] curl vulnerabilities
curl vulnerabilities
Florian Kohnhäuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB
messages. An attacker could possibly use this to perform a
machine-in-the-middle attack. (CVE-2022-32208)
OSV
curl vulnerabilities
osv·2022-06-27·CVSS 4.3
CVE-2022-32205 [MEDIUM] curl vulnerabilities
curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2022-32208: FTP-KRB bad message verification
hackerone·2022-06-27·CVSS 5.9
CVE-2022-32208 [MEDIUM] CVE-2022-32208: FTP-KRB bad message verification
CVE-2022-32208: FTP-KRB bad message verification
When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
## Impact
Loss of integrity of FTP-KRB transfers
CVE-2022-32208: FTP-KRB bad message verification
Project curl Security Advisory, June 27th 2022
VULNERABILITY
When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
We are not aware of any exploit of this flaw.
INFO
CVE-2022-32208 was introduced in commit 54967d2a3a, shipped in curl 7.16.4.
This flaw typical
HackerOne
CVE-2022-32208: FTP-KRB bad message verification
hackerone·2022-06-27·CVSS 5.9
CVE-2022-32208 [MEDIUM] CVE-2022-32208: FTP-KRB bad message verification
CVE-2022-32208: FTP-KRB bad message verification
## Summary:
libcurl handles the `gss_unwrap` `GSS_S_BAD_SIG` error incorrectly. This enables a malicious attacker to inject arbitrary FTP server responses into a GSSAPI-protected FTP control connection and/or make the client consume unrelated heap memory as an FTP command response.
The defective `krb5_decode` function is as follows:
```c
/* lib/krb5.c in curl before 7.84.0, as quoted in the report. struct connectdata
 * and UNUSED_PARAM come from libcurl's internal headers (curl_setup.h,
 * urldata.h); the report's quotation stops in the middle of the memcpy() call,
 * and the lines after it are a completion that makes the function whole, not
 * text from the report. */
#include <string.h>
#include <gssapi/gssapi.h>

static int
krb5_decode(void *app_data, void *buf, int len,
            int level UNUSED_PARAM,
            struct connectdata *conn UNUSED_PARAM)
{
  gss_ctx_id_t *context = app_data;
  OM_uint32 maj, min;
  gss_buffer_desc enc, dec;

  (void)level;
  (void)conn;

  enc.value = buf;
  enc.length = len;
  maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL);
  if(maj != GSS_S_COMPLETE) {
    /* Verification failed (for example GSS_S_BAD_SIG). The defect the report
     * describes is in this path: the caller's buffer is stamped with a "599 "
     * marker and -1 is returned, and a forged or tampered frame can still end
     * up consumed as a server response, or unrelated heap memory can be read
     * as the reply. */
    if(len >= 4)
      strcpy(buf, "599 ");
    return -1;
  }

  memcpy(buf, dec.value, dec.length);
  len = (int)dec.length;
  gss_release_buffer(&min, &dec);

  return len;
}
```
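The following is an added example, not code from curl and not from the report above. It models the failure path the report describes: a decoder that answers a failed verification with -1 and a stamped "599 " marker, a reader that stores that int result as an unsigned length and keeps trusting the buffer, and the check that turns the failure into a hard receive error instead. gss_unwrap() is replaced by a constructed stub, and every identifier here (fake_unwrap, decode_model, databuf_model, the demo_* functions, BUFCAP) is an assumption made for the example rather than a libcurl name; the two frames are constructed, not captured from a real FTP session.

```c
/* Added example: models the CVE-2022-32208 failure path with a stub in place
 * of gss_unwrap(). None of these names are libcurl identifiers. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUFCAP 256   /* assumed receive-buffer size for the model */

/* Stub for gss_unwrap(): a leading 0x01 byte stands in for a valid integrity
 * check; any other first byte is treated as GSS_S_BAD_SIG. Returns 0 on
 * success, -1 on verification failure. */
static int fake_unwrap(const unsigned char *in, int in_len,
                       unsigned char *out, int *out_len)
{
    if (in_len < 1 || in[0] != 0x01)
        return -1;
    memcpy(out, in + 1, (size_t)(in_len - 1));
    *out_len = in_len - 1;
    return 0;
}

/* Same contract as krb5_decode() above: decode in place and return the
 * plaintext length, or stamp "599 " over the start of buf and return -1. */
static int decode_model(unsigned char *buf, int len)
{
    unsigned char tmp[BUFCAP];
    int n = 0;

    if (len > BUFCAP || fake_unwrap(buf, len, tmp, &n) != 0) {
        if (len >= 4)
            memcpy(buf, "599 ", 4);
        return -1;
    }
    memcpy(buf, tmp, (size_t)n);
    return n;
}

/* Receive buffer handed to the FTP response reader. */
struct databuf_model {
    unsigned char data[BUFCAP];
    size_t size;   /* how many bytes the reader believes are valid */
};

/* Vulnerable shape: the int result goes straight into a size_t, so -1 turns
 * into SIZE_MAX and the reader will walk far past data[]. Returns the size
 * the reader would trust. */
static size_t read_data_unchecked(struct databuf_model *b,
                                  const unsigned char *wire, int len)
{
    memcpy(b->data, wire, (size_t)len);
    b->size = (size_t)decode_model(b->data, len);
    return b->size;
}

/* Hardened shape: a negative decode result is a receive error, never a
 * length. Returns 0 on success, -1 on error; *out is the trusted size. */
static int read_data_checked(struct databuf_model *b,
                             const unsigned char *wire, int len, size_t *out)
{
    int n;

    memcpy(b->data, wire, (size_t)len);
    n = decode_model(b->data, len);
    if (n < 0) {
        b->size = 0;
        *out = 0;
        return -1;
    }
    b->size = (size_t)n;
    *out = b->size;
    return 0;
}

/* Constructed frames: a good one carrying "226 OK\r\n" and a tampered one
 * whose first byte fails the stub's verification. */
static const unsigned char GOOD_FRAME[] = { 0x01, '2','2','6',' ','O','K','\r','\n' };
static const unsigned char BAD_FRAME[]  = { 0x00, 'X','X','X','X','X' };

/* Size the unchecked reader trusts after the tampered frame. */
size_t demo_unchecked_bad(void)
{
    struct databuf_model b;
    return read_data_unchecked(&b, BAD_FRAME, (int)sizeof BAD_FRAME);
}

/* Result of the checked reader for the same tampered frame. */
int demo_checked_bad(void)
{
    struct databuf_model b;
    size_t sz;
    return read_data_checked(&b, BAD_FRAME, (int)sizeof BAD_FRAME, &sz);
}

/* 1 if the checked reader accepts the good frame as exactly "226 OK\r\n". */
int demo_good_payload_ok(void)
{
    struct databuf_model b;
    size_t sz = 0;
    if (read_data_checked(&b, GOOD_FRAME, (int)sizeof GOOD_FRAME, &sz) != 0)
        return 0;
    return sz == 8 && memcmp(b.data, "226 OK\r\n", 8) == 0;
}

int main(void)
{
    printf("unchecked reader trusts %zu bytes after a tampered frame (cap %d)\n",
           demo_unchecked_bad(), BUFCAP);
    printf("checked reader returns %d for the same frame\n", demo_checked_bad());
    printf("good frame accepted: %d\n", demo_good_payload_ok());
    return 0;
}
```

Any C99 compiler builds this. The unchecked reader reports SIZE_MAX trusted bytes, far beyond its 256-byte buffer, which is the over-read of unrelated heap memory the report describes; the checked reader fails closed on the same frame and still accepts the good one. The practical point for a caller of any length-or-negative decode callback is to test the signed result before it becomes a size: the "599 " marker on its own is not a safe error signal, because a caller that treats the return value as a length never looks at it.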
References:
http://seclists.org/fulldisclosure/2022/Oct/28
http://seclists.org/fulldisclosure/2022/Oct/41
https://hackerone.com/reports/1590071
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
https://security.gentoo.org/glsa/202212-01
https://security.netapp.com/advisory/ntap-20220915-0003/
https://support.apple.com/kb/HT213488
https://www.debian.org/security/2022/dsa-5197