rpm package
opensuse/curl&distro=openSUSE Leap Micro 5.2
pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43552 | — | | | < 7.66.0-150200.4.45.1 | 7.66.0-150200.4.45.1 | Feb 9, 2023 | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl wo |
| CVE-2022-32221 | — | | | < 7.66.0-150200.4.42.1 | 7.66.0-150200.4.42.1 | Dec 5, 2022 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This f |
| CVE-2022-35252 | — | | | < 7.66.0-150200.4.39.1 | 7.66.0-150200.4.39.1 | Sep 23, 2022 | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings. |
| CVE-2022-32208 | — | | | < 7.66.0-150200.4.36.1 | 7.66.0-150200.4.36.1 | Jul 7, 2022 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. |
| CVE-2022-32206 | — | | | < 7.66.0-150200.4.36.1 | 7.66.0-150200.4.36.1 | Jul 7, 2022 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to ins |