CVE-2022-43551

CWE-319Cleartext Transmission13 documents11 sources
Severity
7.5HIGH
EPSS
0.0%
top 87.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Haxx CurlSplunk Universal ForwarderHttps: /github.com/curl/curl+1 more
Timeline
PublishedDec 23
Latest updateApr 15

Description

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

CVEListV5https://github.com/curl/curlFixed in curl 7.87.0
NVDhaxx/curl7.77.07.87.0
Debiancurl< 7.86.0-3+2
Ubuntucurl< 7.58.0-2ubuntu3.22+2
NVDsplunk/universal_forwarder8.2.08.2.12+2

Also affects: Fedora 37

🔴Vulnerability Details

4
OSV
curl vulnerabilities2023-01-05
GHSA
GHSA-25m2-mpq4-29vh: A vulnerability exists in curl <72022-12-23
CVEList
CVE-2022-43551: A vulnerability exists in curl <72022-12-23
OSV
CVE-2022-43551: A vulnerability exists in curl <72022-12-23

📋Vendor Advisories

6
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (cURL) — CVE-2022-435512023-04-15
Apple
CVE-2022-43551: macOS Ventura 13.32023-03-27
Ubuntu
curl vulnerabilities2023-01-05
Red Hat
curl: HSTS bypass via IDN2022-12-21
Microsoft
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-t2022-12-13

💬Community

2
HackerOne
CVE-2022-43551: Another HSTS bypass via IDN2023-02-03
HackerOne
CVE-2022-43551: Another HSTS bypass via IDN2022-12-21