CVE-2022-27778
Published on: Not Yet Published
Last Modified on: 02/28/2023 03:42:00 PM UTC
Certain versions of Curl from Haxx contain the following vulnerability:
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
- CVE-2022-27778 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.1 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | HIGH | HIGH |
CVSS2 Score: 5.8 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
July 2022 MySQL Server Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
![]() |
June 2022 Libcurl Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
![]() |
HackerOne | hackerone.com text/html |
![]() |
Oracle Critical Patch Update Advisory - July 2022 | www.oracle.com text/html |
![]() |
Related QID Numbers
- 20266 Oracle MySQL July 2022 Critical Patch Update (CPUJUL2022)
- 296082 Oracle Solaris 11.4 Support Repository Update (SRU) 48.126.1 Missing (CPUJUL2022)
- 502213 Alpine Linux Security Update for curl
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 690868 Free Berkeley Software Distribution (FreeBSD) Security Update for curl (11e36890-d28c-11ec-a06f-d4c9ef517024)
- 690902 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (8e150606-08c9-11ed-856e-d4c9ef517024)
- 902154 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9867)
- 902159 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9876)
- 902371 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9876-1)
- 903722 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9867-1)
Exploit/POC from Github
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is u…
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Haxx | Curl | All | All | All | All |
Application | Haxx | Curl | 7.83.0 | All | All | All |
Application | Netapp | Active Iq Unified Manager | - | All | All | All |
Application | Netapp | Active Iq Unified Manager | - | All | All | All |
Operating System | Netapp | Bh500s Firmware | - | All | All | All |
Application | Netapp | Clustered Data Ontap | - | All | All | All |
Hardware
| Netapp | H300s | - | All | All | All |
Operating System | Netapp | H300s Firmware | - | All | All | All |
Hardware
| Netapp | H410s | - | All | All | All |
Operating System | Netapp | H410s Firmware | - | All | All | All |
Hardware
| Netapp | H500s | - | All | All | All |
Hardware
| Netapp | H700s | - | All | All | All |
Operating System | Netapp | H700s Firmware | - | All | All | All |
Hardware
| Netapp | Hci Compute Node | - | All | All | All |
Operating System | Netapp | Hci Compute Node Firmware | - | All | All | All |
Application | Netapp | Oncommand Insight | - | All | All | All |
Application | Netapp | Oncommand Workflow Automation | - | All | All | All |
Application | Netapp | Snapcenter | - | All | All | All |
Application | Netapp | Solidfire Hci Management Node | - | All | All | All |
Hardware
| Netapph700s | - | All | All | All | All |
Application | Oracle | Mysql Server | All | All | All | All |
Application | Oracle | Mysql Server | All | All | All | All |
- cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*:
- cpe:2.3:a:haxx:curl:7.83.0:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*:
- cpe:2.3:o:netapp:bh500s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapph700s:-:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-27778: removes wrong file on error CVE-2022-27779: cookie for trailing dot TLD CVE-2022-27780: percent-enc… twitter.com/i/web/status/1… | 2022-05-11 06:44:32 |
![]() |
[email protected] changed net/curl: net/curl: security update to 7.83.1 Includes fixes for CVE-2022-27778: curl removes wrong… twitter.com/i/web/status/1… | 2022-05-11 20:55:19 |
![]() |
OPENBSD_7_1 [email protected] changed net/curl: net/curl: security update to 7.83.1 Includes fixes for CVE-2022-27778: curl re… twitter.com/i/web/status/1… | 2022-05-11 21:55:19 |
![]() |
OPENBSD_7_1 [email protected] changed net/curl: net/curl: security update to 7.83.1 Includes fixes for CVE-2022-27778: curl re… twitter.com/i/web/status/1… | 2022-05-11 21:55:20 |
![]() |
cURL に意図せず元のファイルを削除する問題 (CVE-2022-27778) [42168] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2022-05-12 08:00:03 |
![]() |
[email protected] #Vulnérabilité de cURL : effacement de fichier. vigilance.fr/vulnerabilite/… Références : #CVE-2022-27778.… twitter.com/i/web/status/1… | 2022-05-13 06:09:03 |
![]() |
[email protected] #Vulnerability of cURL: file deletion. vigilance.fr/vulnerability/… Identifiers: #CVE-2022-27778. #patch https://t.co/3AwOtj0tnf | 2022-05-13 06:09:04 |
![]() |
cve.report/CVE-2022-27778 A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong fi… twitter.com/i/web/status/1… | 2022-06-02 16:35:29 |
![]() |
already curl-7.83.0 is vulnerable: | 2022-05-13 21:52:27 |