{"api_version":"1","generated_at":"2026-04-23T00:41:45+00:00","cve":"CVE-2022-42915","urls":{"html":"https://cve.report/CVE-2022-42915","api":"https://cve.report/api/cve/CVE-2022-42915.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-42915","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-42915"},"summary":{"title":"CVE-2022-42915","description":"curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-10-29 20:15:00","updated_at":"2024-03-27 14:59:00"},"problem_types":["CWE-415"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/","name":"FEDORA-2022-39688a779d","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: curl-7.79.1-7.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Jan/19","name":"20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2023-01-23-4 macOS Ventura 13.2","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/","name":"FEDORA-2022-e9d65906c4","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: curl-7.85.0-2.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Jan/20","name":"20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202212-01","name":"GLSA-202212-01","refsource":"GENTOO","tags":[],"title":"curl: Multiple Vulnerabilities (GLSA 202212-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/","name":"FEDORA-2022-01ffde372c","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: curl-7.82.0-9.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://curl.se/docs/CVE-2022-42915.html","name":"https://curl.se/docs/CVE-2022-42915.html","refsource":"MISC","tags":[],"title":"curl - HTTP proxy double-free - CVE-2022-42915","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/","name":"FEDORA-2022-01ffde372c","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: curl-7.82.0-9.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213604","name":"https://support.apple.com/kb/HT213604","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Monterey 12.6.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/","name":"FEDORA-2022-39688a779d","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: curl-7.79.1-7.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213605","name":"https://support.apple.com/kb/HT213605","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Ventura 13.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20221209-0010/","name":"https://security.netapp.com/advisory/ntap-20221209-0010/","refsource":"CONFIRM","tags":[],"title":"October 2022 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/","name":"FEDORA-2022-e9d65906c4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: curl-7.85.0-2.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-42915","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42915","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap_9","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"splunk","cpe5":"universal_forwarder","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42915","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"splunk","cpe5":"universal_forwarder","cpe6":"9.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-42915","qid":"183260","title":"Debian Security Update for curl (CVE-2022-42915)"},{"cve":"CVE-2022-42915","qid":"199008","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-5702-1)"},{"cve":"CVE-2022-42915","qid":"240996","title":"Red Hat Update for JBoss Core Services (RHSA-2022:8840)"},{"cve":"CVE-2022-42915","qid":"283261","title":"Fedora Security Update for curl (FEDORA-2022-01ffde372c)"},{"cve":"CVE-2022-42915","qid":"283302","title":"Fedora Security Update for curl (FEDORA-2022-39688a779d)"},{"cve":"CVE-2022-42915","qid":"283449","title":"Fedora Security Update for curl (FEDORA-2022-e9d65906c4)"},{"cve":"CVE-2022-42915","qid":"354115","title":"Amazon Linux Security Advisory for curl : ALAS2-2022-1882"},{"cve":"CVE-2022-42915","qid":"354289","title":"Amazon Linux Security Advisory for curl : ALAS2022-2022-246"},{"cve":"CVE-2022-42915","qid":"354553","title":"Amazon Linux Security Advisory for curl : ALAS-2022-246"},{"cve":"CVE-2022-42915","qid":"355207","title":"Amazon Linux Security Advisory for curl : ALAS2023-2023-083"},{"cve":"CVE-2022-42915","qid":"377927","title":"Apple macOS Ventura 13.2 Not Installed (HT213605)"},{"cve":"CVE-2022-42915","qid":"377928","title":"Apple macOS Monterey 12.6.3 Not Installed (HT213604)"},{"cve":"CVE-2022-42915","qid":"378101","title":"NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Disclosure of Sensitive Information Denial of Service (DoS) Vulnerability (NTAP-20221209-0010)"},{"cve":"CVE-2022-42915","qid":"378599","title":"Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)"},{"cve":"CVE-2022-42915","qid":"378883","title":"Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)"},{"cve":"CVE-2022-42915","qid":"502573","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-42915","qid":"502575","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-42915","qid":"502717","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-42915","qid":"505613","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-42915","qid":"672494","title":"EulerOS Security Update for curl (EulerOS-SA-2023-1005)"},{"cve":"CVE-2022-42915","qid":"672512","title":"EulerOS Security Update for curl (EulerOS-SA-2023-1030)"},{"cve":"CVE-2022-42915","qid":"691009","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for curl (0f99a30c-7b4b-11ed-9168-080027f5fec9)"},{"cve":"CVE-2022-42915","qid":"710693","title":"Gentoo Linux curl Multiple Vulnerabilities (GLSA 202212-01)"},{"cve":"CVE-2022-42915","qid":"904443","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11411)"},{"cve":"CVE-2022-42915","qid":"904470","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11368)"},{"cve":"CVE-2022-42915","qid":"904491","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11368-1)"},{"cve":"CVE-2022-42915","qid":"904516","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11411-1)"},{"cve":"CVE-2022-42915","qid":"904866","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12312)"},{"cve":"CVE-2022-42915","qid":"904893","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (12383)"},{"cve":"CVE-2022-42915","qid":"904924","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rust (12438)"},{"cve":"CVE-2022-42915","qid":"905031","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12470)"},{"cve":"CVE-2022-42915","qid":"905037","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rust (12648)"},{"cve":"CVE-2022-42915","qid":"905105","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (12572)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-42915","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://curl.se/docs/CVE-2022-42915.html","url":"https://curl.se/docs/CVE-2022-42915.html"},{"refsource":"FEDORA","name":"FEDORA-2022-01ffde372c","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/"},{"refsource":"FEDORA","name":"FEDORA-2022-39688a779d","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/"},{"refsource":"FEDORA","name":"FEDORA-2022-e9d65906c4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20221209-0010/","url":"https://security.netapp.com/advisory/ntap-20221209-0010/"},{"refsource":"GENTOO","name":"GLSA-202212-01","url":"https://security.gentoo.org/glsa/202212-01"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213604","url":"https://support.apple.com/kb/HT213604"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213605","url":"https://support.apple.com/kb/HT213605"},{"refsource":"FULLDISC","name":"20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3","url":"http://seclists.org/fulldisclosure/2023/Jan/20"},{"refsource":"FULLDISC","name":"20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2","url":"http://seclists.org/fulldisclosure/2023/Jan/19"}]}},"nvd":{"publishedDate":"2022-10-29 20:15:00","lastModifiedDate":"2024-03-27 14:59:00","problem_types":["CWE-415"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.77.0","versionEndExcluding":"7.86.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.6.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}