rpm package
suse/curl&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-32221 | — | < 7.66.0-150200.4.42.1 | 7.66.0-150200.4.42.1 | Dec 5, 2022 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This f | ||
| CVE-2022-32208 | — | < 7.66.0-150200.4.36.1 | 7.66.0-150200.4.36.1 | Jul 7, 2022 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | ||
| CVE-2022-32206 | — | < 7.66.0-150200.4.36.1 | 7.66.0-150200.4.36.1 | Jul 7, 2022 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to ins | ||
| CVE-2022-27782 | Hig | 7.5 | < 7.66.0-150200.4.33.1 | 7.66.0-150200.4.33.1 | Jun 2, 2022 | libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, s | |
| CVE-2022-27781 | Hig | 7.5 | < 7.66.0-150200.4.33.1 | 7.66.0-150200.4.33.1 | Jun 2, 2022 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve |
- CVE-2022-32221Dec 5, 2022affected < 7.66.0-150200.4.42.1fixed 7.66.0-150200.4.42.1
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This f
- CVE-2022-32208Jul 7, 2022affected < 7.66.0-150200.4.36.1fixed 7.66.0-150200.4.36.1
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
- CVE-2022-32206Jul 7, 2022affected < 7.66.0-150200.4.36.1fixed 7.66.0-150200.4.36.1
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to ins
- affected < 7.66.0-150200.4.33.1fixed 7.66.0-150200.4.33.1
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, s
- affected < 7.66.0-150200.4.33.1fixed 7.66.0-150200.4.33.1
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve