CVE-2022-43552
Summary
| CVE | CVE-2022-43552 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-02-09 20:15:00 UTC |
|---|
| Updated | 2024-03-27 14:55:00 UTC |
|---|
| Description | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| HackerOne |
MISC |
hackerone.com |
|
| curl: Multiple Vulnerabilities (GLSA 202310-12) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| December 2022 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| About the security content of macOS Ventura 13.3 - Apple Support |
CONFIRM |
support.apple.com |
|
| Full Disclosure: APPLE-SA-2023-03-27-3 macOS Ventura 13.3 |
FULLDISC |
seclists.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160632 Oracle Enterprise Linux Security Update for curl (ELSA-2023-2478)
- 160695 Oracle Enterprise Linux Security Update for curl (ELSA-2023-2963)
- 161225 Oracle Enterprise Linux Security Update for curl (ELSA-2023-7743)
- 181508 Debian Security Update for curl (DSA 5330-1)
- 181512 Debian Security Update for curl (DLA 3288-1)
- 184559 Debian Security Update for curl (CVE-2022-43552)
- 199085 Ubuntu Security Notification for curl Vulnerabilities (USN-5788-1)
- 199491 Ubuntu Security Notification for curl Vulnerabilities (USN-5894-1)
- 241414 Red Hat Update for curl (RHSA-2023:2478)
- 241503 Red Hat Update for curl (RHSA-2023:2963)
- 241574 Red Hat Update for JBoss Core Services (RHSA-2023:3354)
- 242589 Red Hat Update for curl (RHSA-2023:7743)
- 242849 Red Hat Update for curl (RHSA-2024:0428)
- 257269 Centos Security Update for curl
- 257281 CentOS Security Update for curl Security Update (CESA-2023:7743)
- 283558 Fedora Security Update for curl (FEDORA-2022-d7ee33d4ad)
- 283562 Fedora Security Update for curl (FEDORA-2022-9836111c44)
- 330140 IBM AIX Multiple Vulnerabilities due to curl (curl_advisory2)
- 354700 Amazon Linux Security Advisory for curl : ALAS2022-2023-276
- 354731 Amazon Linux Security Advisory for curl : ALAS2-2023-1924
- 354899 Amazon Linux Security Advisory for curl : ALAS-2023-1729
- 355207 Amazon Linux Security Advisory for curl : ALAS2023-2023-083
- 378092 NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Disclosure of Sensitive Information Vulnerability (NTAP-20230214-0002)
- 378189 Apple macOS Ventura 13.3 Not Installed (HT213670)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 379349 Alibaba Cloud Linux Security Update for curl (ALINUX2-SA-2024:0007)
- 502614 Alpine Linux Security Update for curl
- 502615 Alpine Linux Security Update for curl
- 502616 Alpine Linux Security Update for curl
- 502718 Alpine Linux Security Update for curl
- 672614 EulerOS Security Update for curl (EulerOS-SA-2023-1309)
- 672716 EulerOS Security Update for curl (EulerOS-SA-2023-1438)
- 672777 EulerOS Security Update for curl (EulerOS-SA-2023-1463)
- 672792 EulerOS Security Update for curl (EulerOS-SA-2023-1522)
- 672820 EulerOS Security Update for curl (EulerOS-SA-2023-1547)
- 672836 EulerOS Security Update for curl (EulerOS-SA-2023-1571)
- 672845 EulerOS Security Update for curl (EulerOS-SA-2023-1581)
- 673109 EulerOS Security Update for curl (EulerOS-SA-2023-2139)
- 710772 Gentoo Linux curl Multiple Vulnerabilities (GLSA 202310-12)
- 753054 SUSE Enterprise Linux Security Update for curl (SUSE-SU-2022:4598-1)
- 753056 SUSE Enterprise Linux Security Update for curl (SUSE-SU-2022:4597-1)
- 754020 SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2226-1)
- 754021 SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2228-1)
- 905414 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (13267)
- 905415 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13257)
- 905417 Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (13256)
- 905419 Common Base Linux Mariner (CBL-Mariner) Security Update for rust (13269)
- 905427 Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (13280)
- 905428 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13284)
- 905429 Common Base Linux Mariner (CBL-Mariner) Security Update for rust (13289)
- 905430 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (13287)
- 905434 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13284-1)
- 905663 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13257-1)
- 906575 Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13257-3)
- 906847 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (13287-1)
- 907374 Common Base Linux Mariner (CBL-Mariner) Security Update for rust (13289-1)
- 941021 AlmaLinux Security Update for curl (ALSA-2023:2478)
- 941095 AlmaLinux Security Update for curl (ALSA-2023:2963)
