CVE-2022-32221
Published 2022-12-05
Priority P356 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.32% (89.9th percentile)
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 12.6.3 | 12.6.3 |
| apple | macos_monterey | — | — |
| apple | macos_ventura | — | — |
| debian | curl | < curl 7.86.0-1 (bookworm) | curl 7.86.0-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| haxx | curl | < 7.86.0 | 7.86.0 |
| haxx | curl | >= 0 < 7.74.0-1.3+deb11u5 | 7.74.0-1.3+deb11u5 |
| haxx | curl | >= 0 < 7.86.0-1 | 7.86.0-1 |
| haxx | curl | >= 0 < 7.86.0-1 | 7.86.0-1 |
| haxx | curl | >= 0 < 7.86.0-1 | 7.86.0-1 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.21 | 7.58.0-2ubuntu3.21 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.14 | 7.68.0-1ubuntu2.14 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.6 | 7.81.0-1ubuntu1.6 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm13 | 7.35.0-1ubuntu2.20+esm13 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.19+esm6 | 7.47.0-1ubuntu2.19+esm6 |
| https | github.com_curl_curl | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.11.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
| splunk | universal_forwarder | — | — |
CVSS provenance
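| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |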
CISA ICS
Siemens SINEC NMS Third-Party
cisa_ics·2023-05-11·CVSS 9.8
[CRITICAL] Siemens SINEC NMS Third-Party
ICS Advisory
Release Date: May 11, 2023
Alert Code: ICSA-23-131-05
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Third-party components libexpat and libcurl in SINEC NMS
- Vulnerabilities: Expected Behavior Violation, Improper Validation of Syntactic Correctness of Input, Stack-based Buffer Overflow, Use After Free, Double Free, Cleartext Tran
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2023-01-24
CVE-2023-21869 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
https://www.oracle.com/security-alerts/cpujan2023.html
Instructions: This update uses a new upstream release, which includes additional bug
fixes. I
Apple
CVE-2022-32221: macOS Monterey 12.6.3
vendor_apple·2023-01-23·CVSS 9.8
CVE-2022-32221 [CRITICAL] CVE-2022-32221: macOS Monterey 12.6.3
Apple Security Update: About the security content of macOS Monterey 12.6.3
Product: macOS Monterey
Version: 12.6.3
CVE: CVE-2022-32221
Component: CVE-2022-32221
Apple
CVE-2022-32221: macOS Ventura 13.2
vendor_apple·2023-01-23·CVSS 9.8
CVE-2022-32221 [CRITICAL] CVE-2022-32221: macOS Ventura 13.2
Apple Security Update: About the security content of macOS Ventura 13.2
Product: macOS Ventura
Version: 13.2
CVE: CVE-2022-32221
Component: CVE-2022-32221
Oracle
Oracle MySQL Risk Matrix: Server: Packaging (cURL) — CVE-2022-32221
vendor_oracle·2023-01-15·CVSS 9.8
CVE-2022-32221 [CRITICAL] Oracle MySQL Risk Matrix: Server: Packaging (cURL) — CVE-2022-32221
Oracle MySQL Risk Matrix: Server: Packaging (cURL) vulnerability
CVE: CVE-2022-32221
CVSS: 9.8
Protocol: MySQL Protocol
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
Microsoft
When doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle
vendor_msrc·2022-12-13·CVSS 9.8
CVE-2022-32221 [CRITICAL] CWE-668 When doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle
When doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to
Red Hat
curl: POST following PUT confusion
vendor_redhat·2022-10-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] CWE-440 curl: POST following PUT confusion
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
A vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option h
Ubuntu
curl vulnerability
vendor_ubuntu·2022-10-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] curl vulnerability
Title: curl vulnerability
Summary: curl could crash if it received a specially crafted POST
operations after PUT operations.
USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
curl vulnerabilities
vendor_ubuntu·2022-10-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc
files. If an attacker were able to provide a specially crafted .netrc file,
this issue could cause curl to crash, resulting in a denial of service.
This issue only affected Ubuntu 22.10. (CVE-2022-35260)
It was discovered that curl incorrectly handled certain HTTP proxy return
codes. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbit
Debian
CVE-2022-32221: curl - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`...
vendor_debian·2022·CVSS 9.8
CVE-2022-32221 [CRITICAL] CVE-2022-32221: curl - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`...
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Scope: local
bookworm: resolved (fixed in 7.86.0-1)
bullseye: resolved (fixed in 7.74.0-1.3+deb11u5)
forky: resolved (fixed in 7.86.0-1)
sid: resolved (fixed in 7.86.0-1)
trixie: resolved (fixed in 7.86.0-1)
GHSA
GHSA-grfr-78m7-q35q: When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT
ghsa_unreviewed·2022-12-06
CVE-2022-32221 [CRITICAL] CWE-200 GHSA-grfr-78m7-q35q: When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
OSV
CVE-2022-32221: When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT
osv·2022-12-05·CVSS 9.8
CVE-2022-32221 [CRITICAL] CVE-2022-32221: When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
OSV
curl vulnerabilities
osv·2022-10-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] curl vulnerabilities
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc
files. If an attacker were able to provide a specially crafted .netrc file,
this issue could cause curl to crash, resulting in a denial of service.
This issue only affected Ubuntu 22.10. (CVE-2022-35260)
It was discovered that curl incorrectly handled certain HTTP proxy return
codes. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, and Ubu
OSV
curl vulnerability
osv·2022-10-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] curl vulnerability
USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
No detection rules found.
No public exploits indexed.
HackerOne
[High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)
hackerone·2025-06-30·CVSS 9.8
[CRITICAL] [High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)
## Summary:
The --capath option in cURL and CURLOPT_CAPATH in libcurl accept any directory path without validation. If an attacker provides a custom CA path containing a fake root certificate, cURL will trust malicious HTTPS endpoints signed with that fake root. This allows for full Man-in-the-Middle (MITM) attacks and silent decryption of HTTPS traffic without user warnings.
## Affected version
Affected Asset:
Component: cURL CLI and libcurl
Versions: 7.82.0 to 8.4.0
Platform: All OS (Linux, macOS, Windows)
## Steps To Reproduce:
Works across OS, no user interaction required, and reproducible without root.
1. Create Fake Root CA:
openssl req -x509 -newkey rs
HackerOne
CVE-2023-28322: more POST-after-PUT confusion
hackerone·2023-05-18·CVSS 9.8
CVE-2023-28322 [CRITICAL] CVE-2023-28322: more POST-after-PUT confusion
## Summary:
The CVE-2022-32221 fix is insufficient.
In CVE-2022-32221, only CURLOPT_POST was corrected.
However, CURLOPT_POST is not necessarily used when sending data with the POST method.
CURLOPT_POST is not used in the CURLOPT_POSTFIELDS usage example on the official website.
```
CURL *curl = curl_easy_init();
if(curl) {
  const char *data = "data to send";
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
  /* size of the POST data */
  curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 12L);
  /* pass in a pointer to the data - libcurl will not copy */
  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
  curl_easy_perform(curl);
}
```
Also on this page is the following statement.
> Using CURLOPT_POSTFIELDS implies setting CURLOPT_POST to 1.
HackerOne
POST following PUT confusion
hackerone·2022-12-02·CVSS 9.8
[CRITICAL] POST following PUT confusion
The bug I submitted at https://github.com/curl/curl/issues/9507 can have at least a few unintended security issues:
Information Disclosure: this bug causes an HTTP PUT to occur when the user intends for an HTTP POST to occur. The user, who intended an HTTP POST, expects the POSTed information to come from CURLOPT_POSTFIELDS. However, as an HTTP PUT is performed instead, the data that is PUT comes from a buffer specified in CURLOPT_READDATA, which may be sensitive information intended for an entirely different host (host1.com below). If CURLOPT_READDATA is not specified, this data could come from stdin!
Use after free: using the description above, if the user had already freed the data specified in CURLOPT_READDATA, then the unintended HTTP PUT (which was inte
HackerOne
CVE-2022-32221: POST following PUT confusion
hackerone·2022-11-26·CVSS 9.8
CVE-2022-32221 [CRITICAL] CVE-2022-32221: POST following PUT confusion
## Summary:
The bug I submitted at https://github.com/curl/curl/issues/9507 can have at least a few unintended security issues:
- Information Disclosure: this bug causes an HTTP PUT to occur when the user intends for an HTTP POST to occur. The user, who intended an HTTP POST, expects the POSTed information to come from CURLOPT_POSTFIELDS. However, as an HTTP PUT is performed instead, the data that is PUT comes from a buffer specified in CURLOPT_READDATA, which may be sensitive information intended for an entirely different host (host1.com below). If CURLOPT_READDATA is not specified, this data could come from stdin!
- Use after free: using the description above, if the user had already freed the data specified in CURLOPT_READDATA, then the unin
http://seclists.org/fulldisclosure/2023/Jan/19
http://seclists.org/fulldisclosure/2023/Jan/20
http://www.openwall.com/lists/oss-security/2023/05/17/4
https://hackerone.com/reports/1704017
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
https://security.gentoo.org/glsa/202212-01
https://security.netapp.com/advisory/ntap-20230110-0006/
https://security.netapp.com/advisory/ntap-20230208-0002/
https://support.apple.com/kb/HT213604
https://support.apple.com/kb/HT213605
https://www.debian.org/security/2023/dsa-5330
Published: 2022-12-05