CVE-2022-22576

CVE-2022-22576

Name

CVE-2022-22576

Description

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://hackerone.com/reports/1526328
Third Party Advisory	https://security.netapp.com/advisory/ntap-20220609-0008/
Third Party Advisory	https://www.debian.org/security/2022/dsa-5197
Mailing List	https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Type

URI

MISC

https://hackerone.com/reports/1526328

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220609-0008/

Third Party Advisory

https://www.debian.org/security/2022/dsa-5197

Mailing List

https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:haxx:curl::::::::`	curl	>= 7.33.0	< 7.83.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

curl

>= 7.33.0

< 7.83.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
curl	3.12-main	7.79.1-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.15-main	7.80.0-r6	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.14-main	7.79.1-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

curl

3.12-main

7.79.1-r1

Natanael Copa <ncopa@alpinelinux.org>

fixed

curl

3.15-main