CVE-2022-30115

Name
CVE-2022-30115
Description
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://hackerone.com/reports/1557449
CONFIRM https://security.netapp.com/advisory/ntap-20220609-0009/
Mailing List http://www.openwall.com/lists/oss-security/2022/10/26/4
Third Party Advisory https://security.gentoo.org/glsa/202212-01
Mailing List http://www.openwall.com/lists/oss-security/2022/12/21/1

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* curl >= 7.82.0 < 7.83.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
curl edge-main 7.83.1-r0 None fixed
curl edge-main 7.83.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
curl 3.22-main 7.83.1-r0 None fixed
curl 3.22-main 7.83.0-r0 None possibly vulnerable
curl 3.21-main 7.83.1-r0 None fixed
curl 3.21-main 7.83.0-r0 None possibly vulnerable
curl 3.20-main 7.83.1-r0 None fixed
curl 3.20-main 7.83.0-r0 None possibly vulnerable
curl 3.19-main 7.83.1-r0 None fixed
curl 3.19-main 7.83.0-r0 None possibly vulnerable
curl 3.18-main 7.83.1-r0 None fixed
curl 3.17-main 7.83.1-r0 None fixed