CVE-2022-32208
Description
A flaw in curl's handling of krb5-secured FTP transfers allows MITM attacks to go undetected and inject data into the client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
curl can protect an FTP session with Kerberos: the krb5 security layer is selected with --krb on the command line or CURLOPT_KRBLEVEL in libcurl, and it is only compiled into builds that have GSS-API support. Messages on such a session are wrapped so the client can verify that they were not altered in transit. In curl before 7.84.0 that verification is the weak point: when an incoming message fails to verify, the client does not treat the failure as an error and carries on as if the message had been accepted. A Man-In-The-Middle can therefore alter or inject data without the client noticing. The fix shipped in curl 7.84.0; the upstream advisory for this CVE lists 7.16.4 through 7.83.1 as the affected releases.
Exploitation
An attacker positioned between the client and the FTP server (on-path, or able to redirect the traffic there) alters or replaces messages on the krb5-protected connection. The tampered messages fail verification on the client, but because that failure is never acted on, the client keeps the connection open and consumes the attacker's bytes as if they had come from the server. No credentials, no server compromise and no cooperation from the client are needed: the only preconditions are the network position and a client that uses krb5-secured FTP.
Impact
A Man-In-The-Middle can inject data into the client's FTP transfer, so the bytes the client receives (a downloaded file, a directory listing) can be altered or replaced. The integrity guarantee that the krb5 security layer is supposed to provide is lost, and because the client raises no error, the session and its content continue to look trustworthy to the user or the calling application.
Mitigation
The fix is in curl 7.84.0; upgrade to 7.84.0 or later. Distributions backport the fix under older upstream version numbers (AlmaLinux 9's 7.76.1-14.el9_0.5 and the SUSE builds listed under Affected products), so on those systems compare the package release against the vendor advisory rather than against 7.84.0. Only builds with GSS-API support contain the krb5 FTP code; if the Features line of curl --version lists neither GSS-API nor Kerberos, that build is not exposed. Where an upgrade is not immediately possible, stop using krb5-secured FTP (do not pass --krb or set CURLOPT_KRBLEVEL) and move the transfers to FTPS or SFTP. The Gentoo security advisory (GLSA 202212-01, listed under References) recommends upgrading to curl 7.86.0 or later, a later baseline than this CVE alone requires.
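A version triage check for this CVE, as an added example that is not code from this page, from curl or from any distribution. It parses a curl --version banner, decides whether the krb5 FTP code is built in at all, compares the libcurl version against 7.84.0, and for distribution packages compares the package version-release against the distro's fixed-in release (the Affected products list) instead of against 7.84.0. The banners are constructed, and the rpm version comparison is a simplified reimplementation of rpmvercmp, both labelled as such in the code; the example covers the Vulnerability and Mitigation sections above.

```python
"""Classify a `curl --version` banner against CVE-2022-32208.

Added example for this page, not curl's or any distribution's code. Assumptions:
(1) the upstream fix threshold is 7.84.0, as stated above; (2) the krb5 FTP code
is only compiled into builds whose Features line lists GSS-API/Kerberos, so other
builds are not exposed; (3) distributions backport the fix under an older version
number, so a distro package is judged against the distro's own fixed-in
version-release (see Affected products) with a simplified rpmvercmp."""
import re
import subprocess
from dataclasses import dataclass
from typing import Optional, Tuple

FIXED_UPSTREAM = (7, 84, 0)  # first upstream release carrying the fix

@dataclass
class Verdict:
    version: Tuple[int, int, int]  # libcurl version taken from the banner
    krb5_built_in: bool            # GSS-API/Kerberos listed under Features
    status: str                    # vocabulary documented in classify()

def parse_banner(banner: str) -> Tuple[Tuple[int, int, int], bool]:
    """Return (libcurl version, krb5 flag). The flaw is in the library, so the
    'libcurl/x.y.z' token wins over the tool version when the two differ."""
    lines = banner.splitlines()
    if not lines or not lines[0].startswith("curl "):
        raise ValueError("not a curl --version banner")
    m = (re.search(r"\blibcurl/(\d+)\.(\d+)\.(\d+)", lines[0])
         or re.match(r"curl (\d+)\.(\d+)\.(\d+)", lines[0]))
    if not m:
        raise ValueError("no version number in banner")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    features = set()
    for line in lines:
        if line.startswith("Features:"):
            features = set(line.split()[1:])
    return version, bool({"GSS-API", "Kerberos"} & features)

def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp (assumption: enough for the EVRs on this page; tilde
    and caret ordering are omitted). Numeric segments compare numerically, a
    numeric segment beats an alphabetic one, more segments wins a full tie."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a: str, b: str) -> int:
    """Compare 'VERSION-RELEASE' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def classify(banner: str, distro_evr: Optional[str] = None,
             distro_fixed_evr: Optional[str] = None) -> Verdict:
    """Statuses: fixed (libcurl >= 7.84.0); not-exposed (no krb5 code built in);
    fixed-backport / vulnerable (distro package at or above / below the
    advisory's fixed-in EVR); check-advisory (distro build, no EVR supplied);
    vulnerable (upstream build below 7.84.0)."""
    version, krb5 = parse_banner(banner)
    if version >= FIXED_UPSTREAM:
        status = "fixed"
    elif not krb5:
        status = "not-exposed"
    elif distro_evr and distro_fixed_evr:
        status = ("fixed-backport"
                  if evr_cmp(distro_evr, distro_fixed_evr) >= 0 else "vulnerable")
    elif distro_evr:
        status = "check-advisory"
    else:
        status = "vulnerable"
    return Verdict(version, krb5, status)

def check_local_curl() -> Optional[Verdict]:
    """Classify the curl on PATH as an upstream build; None when curl is absent.
    For a distro package, pass classify() the EVR from
    `rpm -q --qf '%{VERSION}-%{RELEASE}' curl` and the advisory's fixed-in EVR."""
    try:
        out = subprocess.run(["curl", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return classify(out)

# Constructed banners (not captured from real hosts) in curl's output layout.
BANNER_EL9 = ("curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.7\n"
              "Release-Date: 2021-04-14\nProtocols: dict file ftp ftps http https\n"
              "Features: AsynchDNS GSS-API IPv6 Kerberos Largefile libz SPNEGO SSL\n")
BANNER_OLD = BANNER_EL9.replace("7.76.1", "7.83.1")      # upstream, unpatched
BANNER_NO_GSS = BANNER_OLD.replace("GSS-API ", "").replace("Kerberos ", "")
BANNER_FIXED = BANNER_EL9.replace("7.76.1", "7.84.0")

if __name__ == "__main__":
    print(classify(BANNER_EL9, "7.76.1-14.el9_0.3", "7.76.1-14.el9_0.5"))
    print(check_local_curl())
```

The point of the three-way split is that a bare "version < 7.84.0" rule is wrong in both directions on distribution hosts: it flags AlmaLinux 9's patched 7.76.1-14.el9_0.5 as vulnerable, and it says nothing about a build that never had the krb5 FTP code compiled in. Feed classify() the package EVR and the fixed-in EVR from the vendor advisory for those hosts; the upstream threshold only applies to builds you compiled yourself.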
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
41 package coordinates from OSV, none with a CPE. The range is the package version-release below which the distribution's build is affected; the version named is the first fixed build.
- pkg:rpm/almalinux/curl: < 7.76.1-14.el9_0.5
- pkg:rpm/almalinux/curl-minimal: < 7.76.1-14.el9_0.5
- pkg:rpm/almalinux/libcurl: < 7.76.1-14.el9_0.5
- pkg:rpm/almalinux/libcurl-devel: < 7.76.1-14.el9_0.5
- pkg:rpm/almalinux/libcurl-minimal: < 7.76.1-14.el9_0.5
- pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.3: < 7.66.0-150200.4.36.1
- pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.4: < 7.79.1-150400.5.3.1
- pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.2: < 7.66.0-150200.4.36.1
- pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweed: < 7.84.0-1.1
- pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%206: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%207: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.1: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.2: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4: < 7.79.1-150400.5.3.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL: < 7.37.0-37.79.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL: < 7.37.0-37.79.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS: < 7.60.0-4.38.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5: < 7.60.0-11.43.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4: < 7.60.0-4.38.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5: < 7.60.0-11.43.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1: < 7.60.0-150000.33.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5: < 7.60.0-11.43.1
- pkg:rpm/suse/curl&distro=SUSE%20Manager%20Proxy%204.1: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20Manager%20Server%204.1: < 7.66.0-150200.4.36.1
- pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%209: < 7.60.0-4.38.1
- pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209: < 7.60.0-4.38.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ (MITRE; vendor advisory)
- security.gentoo.org/glsa/202212-01 (MITRE; vendor advisory)
- www.debian.org/security/2022/dsa-5197 (MITRE; vendor advisory)
- seclists.org/fulldisclosure/2022/Oct/28 (MITRE; mailing list)
- seclists.org/fulldisclosure/2022/Oct/41 (MITRE; mailing list)
- lists.debian.org/debian-lts-announce/2022/08/msg00017.html (MITRE; mailing list)
- hackerone.com/reports/1590071 (MITRE)
- security.netapp.com/advisory/ntap-20220915-0003/ (MITRE)
- support.apple.com/kb/HT213488 (MITRE)
News mentions
No linked articles in our index yet.