CVE-2022-27782

Name
CVE-2022-27782
Description
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://hackerone.com/reports/1555796
CONFIRM https://security.netapp.com/advisory/ntap-20220609-0009/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* curl >= None < 7.83.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
curl 3.15-main 7.80.0-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.14-main 7.79.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
curl 3.13-main 7.79.1-r2 Natanael Copa <ncopa@alpinelinux.org> fixed