CVE-2022-27778
Published on: Not Yet Published
Last Modified on: 06/13/2022 03:40:00 PM UTC
Certain versions of Curl from Haxx contain the following vulnerability:
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
- CVE-2022-27778 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.1 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | HIGH | HIGH |
CVSS2 Score: 5.8 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
June 2022 Libcurl Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
![]() |
HackerOne | hackerone.com text/html |
![]() |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Haxx | Curl | All | All | All | All |
Application | Haxx | Curl | 7.83.0 | All | All | All |
- cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*:
- cpe:2.3:a:haxx:curl:7.83.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-27778: removes wrong file on error CVE-2022-27779: cookie for trailing dot TLD CVE-2022-27780: percent-enc… twitter.com/i/web/status/1… | 2022-05-11 06:44:32 |
![]() |
[email protected] changed net/curl: net/curl: security update to 7.83.1 Includes fixes for CVE-2022-27778: curl removes wrong… twitter.com/i/web/status/1… | 2022-05-11 20:55:19 |
![]() |
OPENBSD_7_1 [email protected] changed net/curl: net/curl: security update to 7.83.1 Includes fixes for CVE-2022-27778: curl re… twitter.com/i/web/status/1… | 2022-05-11 21:55:19 |
![]() |
OPENBSD_7_1 [email protected] changed net/curl: net/curl: security update to 7.83.1 Includes fixes for CVE-2022-27778: curl re… twitter.com/i/web/status/1… | 2022-05-11 21:55:20 |
![]() |
cURL に意図せず元のファイルを削除する問題 (CVE-2022-27778) [42168] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2022-05-12 08:00:03 |
![]() |
[email protected] #Vulnérabilité de cURL : effacement de fichier. vigilance.fr/vulnerabilite/… Références : #CVE-2022-27778.… twitter.com/i/web/status/1… | 2022-05-13 06:09:03 |
![]() |
[email protected] #Vulnerability of cURL: file deletion. vigilance.fr/vulnerability/… Identifiers: #CVE-2022-27778. #patch https://t.co/3AwOtj0tnf | 2022-05-13 06:09:04 |
![]() |
cve.report/CVE-2022-27778 A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong fi… twitter.com/i/web/status/1… | 2022-06-02 16:35:29 |
![]() |
already curl-7.83.0 is vulnerable: | 2022-05-13 21:52:27 |