CVE-2022-43552
Description
Use-after-free in curl <7.87.0 when HTTP proxy denies tunneling SMB or TELNET, causing heap-use-after-free in shutdown code path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in curl <7.87.0 when HTTP proxy denies tunneling SMB or TELNET, causing heap-use-after-free in shutdown code path.
Vulnerability
A use-after-free vulnerability exists in curl versions prior to 7.87.0. The bug occurs in the transfer shutdown code path when an HTTP proxy denies a tunnel request for the SMB or TELNET protocols. When the proxy returns a denial, curl frees a heap-allocated struct but later continues to use it, leading to a use-after-free condition. All curl versions before 7.87.0 are affected [1][2].
Exploitation
An attacker would need to control an HTTP proxy that is used by curl. By configuring the proxy to deny tunnel operations for SMB or TELNET, the attacker can trigger the use-after-free when curl processes the denial during the shutdown phase. The attacker does not require authentication or write access to the target system; the network position to intercept or control the proxy response is sufficient [1][2].
Impact
Successful exploitation could lead to denial of service or potentially arbitrary code execution, as the heap-use-after-free may corrupt memory. The impact depends on the application using libcurl; in worst-case scenarios, an attacker could achieve remote code execution. However, the vendor notes that exploitation is limited to scenarios where an attacker can control the HTTP proxy response [1][2].
Mitigation
The vulnerability is fixed in curl version 7.87.0 and later. Users should upgrade to the latest version of curl (8.3.0-r2 or higher for Gentoo) [2]. For macOS Ventura, Apple addressed a related CVE-2023-32436 with improved bounds checks in macOS Ventura 13.3, but direct patch information for this specific CVE is not provided in the references. No workaround is available other than updating [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
43- osv-coords41 versionspkg:apk/chainguard/curlpkg:apk/chainguard/curl-devpkg:apk/chainguard/curl-docpkg:apk/chainguard/curl-oci-entrypointpkg:apk/chainguard/curl-staticpkg:apk/chainguard/libcurl4pkg:apk/chainguard/libcurl-openssl4pkg:apk/wolfi/curlpkg:apk/wolfi/curl-devpkg:apk/wolfi/curl-docpkg:apk/wolfi/curl-oci-entrypointpkg:apk/wolfi/curl-staticpkg:apk/wolfi/libcurl4pkg:apk/wolfi/libcurl-openssl4pkg:rpm/almalinux/curlpkg:rpm/almalinux/curl-minimalpkg:rpm/almalinux/libcurlpkg:rpm/almalinux/libcurl-develpkg:rpm/almalinux/libcurl-minimalpkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 7.87.0-r0+ 40 more
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.87.0-r0
- (no CPE)range: < 7.76.1-23.el9
- (no CPE)range: < 7.76.1-23.el9
- (no CPE)range: < 7.76.1-23.el9
- (no CPE)range: < 7.76.1-23.el9
- (no CPE)range: < 7.76.1-23.el9
- (no CPE)range: < 7.66.0-150200.4.45.1
- (no CPE)range: < 7.79.1-150400.5.12.1
- (no CPE)range: < 7.66.0-150200.4.45.1
- (no CPE)range: < 7.79.1-150400.5.12.1
- (no CPE)range: < 7.87.0-1.1
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.66.0-150200.4.45.1
- (no CPE)range: < 7.66.0-150200.4.45.1
- (no CPE)range: < 7.79.1-150400.5.12.1
- (no CPE)range: < 7.79.1-150400.5.12.1
- (no CPE)range: < 7.66.0-150200.4.45.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 7.60.0-11.52.1
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 7.60.0-11.52.1
- (no CPE)range: < 7.60.0-150000.51.1
- (no CPE)range: < 7.60.0-11.52.1
- (no CPE)range: < 7.60.0-4.56.1
- (no CPE)range: < 7.60.0-4.56.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
5- security.gentoo.org/glsa/202310-12mitrevendor-advisory
- seclists.org/fulldisclosure/2023/Mar/17mitremailing-list
- hackerone.com/reports/1764858mitre
- security.netapp.com/advisory/ntap-20230214-0002/mitre
- support.apple.com/kb/HT213670mitre
News mentions
0No linked articles in our index yet.