CVE-2022-42916

CWE-319 — Cleartext Transmission14 documents11 sources

Severity

7.5HIGH

EPSS

0.1%

top 74.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Haxx Curl Splunk Universal Forwarder +1 more

Timeline

PublishedOct 29

Latest updateApr 15

Description

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCI…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDhaxx/curl7.77.0 — 7.86.0

▶Debiancurl< 7.86.0-1+2

▶NVDapple/macos13.0 — 13.2+1

▶NVDsplunk/universal_forwarder8.2.0 — 8.2.12+2

Also affects: Fedora 35, 36, 37

🔴Vulnerability Details

CVEList

CVE-2022-42916: In curl before 7↗2022-10-29

▶

OSV

CVE-2022-42916: In curl before 7↗2022-10-29

▶

GHSA

GHSA-6295-5j29-3cc8: In curl before 7↗2022-10-29

▶

📋Vendor Advisories

Oracle

Oracle Oracle Virtualization Risk Matrix: Core (cURL) — CVE-2022-42916↗2023-04-15

▶

Apple

CVE-2022-42916: macOS Ventura 13.2↗2023-01-23

▶

Apple

CVE-2022-42916: macOS Monterey 12.6.3↗2023-01-23

▶

Red Hat

curl: HSTS bypass via IDN↗2022-10-26

▶

Ubuntu

curl vulnerabilities↗2022-10-26

▶

💬Community

HackerOne

CVE-2022-43551: Another HSTS bypass via IDN↗2022-12-21

▶

HackerOne

CVE-2022-42916: HSTS bypass via IDN↗2022-11-03

▶

HackerOne

CVE-2022-42916: HSTS bypass via IDN↗2022-10-27

▶