SUSE update for curl

1) Infinite loop

EUVDB-ID: #VU63008

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27781

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP3-LTSS

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Manager Server: 4.1 - 4.2

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1 - 4.2

SUSE Linux Enterprise Server for SAP: 15-SP2

SUSE Linux Enterprise Desktop: 15-SP3

openSUSE Leap: 15.3

SUSE Linux Enterprise Server for SAP Applications: 15-SP3

SUSE Linux Enterprise Module for Basesystem: 15-SP3

libcurl4-32bit-debuginfo: before 7.66.0-150200.4.33.1

libcurl4-32bit: before 7.66.0-150200.4.33.1

libcurl-devel-32bit: before 7.66.0-150200.4.33.1

libcurl4-debuginfo: before 7.66.0-150200.4.33.1

libcurl4: before 7.66.0-150200.4.33.1

libcurl-devel: before 7.66.0-150200.4.33.1

curl-debugsource: before 7.66.0-150200.4.33.1

curl-debuginfo: before 7.66.0-150200.4.33.1

curl: before 7.66.0-150200.4.33.1

CPE2.3

• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP2-BCL:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP2-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP3-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP2-ESPOS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP2-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP3-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_desktop:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_module_for_basesystem:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:libcurl4-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl4-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl-devel-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl4-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl4:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:curl-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:curl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:curl:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2022/suse-su-20221870-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.

Mitigation

Update the affected package curl to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 15-SP2-BCL - 15-SP3-LTSS

SUSE Linux Enterprise High Performance Computing: 15-SP2-ESPOS - 15-SP3-LTSS

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

SUSE Manager Server: 4.1 - 4.2

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1 - 4.2

SUSE Linux Enterprise Server for SAP: 15-SP2

SUSE Linux Enterprise Desktop: 15-SP3

openSUSE Leap: 15.3

SUSE Linux Enterprise Server for SAP Applications: 15-SP3

SUSE Linux Enterprise Module for Basesystem: 15-SP3

libcurl4-32bit-debuginfo: before 7.66.0-150200.4.33.1

libcurl4-32bit: before 7.66.0-150200.4.33.1

libcurl-devel-32bit: before 7.66.0-150200.4.33.1

libcurl4-debuginfo: before 7.66.0-150200.4.33.1

libcurl4: before 7.66.0-150200.4.33.1

libcurl-devel: before 7.66.0-150200.4.33.1

curl-debugsource: before 7.66.0-150200.4.33.1

curl-debuginfo: before 7.66.0-150200.4.33.1

curl: before 7.66.0-150200.4.33.1

CPE2.3

• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP2-BCL:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP2-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP3-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP2-ESPOS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP2-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP3-LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_desktop:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_module_for_basesystem:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:libcurl4-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl4-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl-devel-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl4-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl4:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libcurl-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:curl-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:curl-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:curl:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2022/suse-su-20221870-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.