High severity7.5NVD Advisory· Published Jun 2, 2022· Updated May 27, 2026
CVE-2022-27782
CVE-2022-27782
Description
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
47cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
- osv-coords42 versionspkg:rpm/almalinux/curlpkg:rpm/almalinux/libcurlpkg:rpm/almalinux/libcurl-develpkg:rpm/almalinux/libcurl-minimalpkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/curl&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/curl&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 7.61.1-22.el8_6.3+ 41 more
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.83.1-1.1
- (no CPE)range: < 7.37.0-37.76.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.37.0-37.76.1
- (no CPE)range: < 7.37.0-37.76.1
- (no CPE)range: < 7.37.0-37.76.1
- (no CPE)range: < 7.60.0-4.38.1
- (no CPE)range: < 7.60.0-11.40.2
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.37.0-37.76.1
- (no CPE)range: < 7.60.0-4.38.1
- (no CPE)range: < 7.60.0-11.40.2
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.60.0-150000.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.60.0-11.40.2
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.66.0-150200.4.33.1
- (no CPE)range: < 7.37.0-37.76.1
- (no CPE)range: < 7.60.0-4.38.1
- (no CPE)range: < 7.37.0-37.76.1
- (no CPE)range: < 7.60.0-4.38.1
Patches
Vulnerability mechanics
References
6- hackerone.com/reports/1555796nvdExploitThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202212-01nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20220609-0009/nvdThird Party Advisory
- www.debian.org/security/2022/dsa-5197nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2023/03/20/6nvdMailing List
News mentions
0No linked articles in our index yet.