openEuler 22.03 LTS update for curl
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-42915 CVE-2022-32221 CVE-2022-42916 |
| CWE-ID | CWE-415 CWE-440 CWE-319 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system curl-help Operating systems & Components / Operating system package or component curl-debugsource Operating systems & Components / Operating system package or component libcurl Operating systems & Components / Operating system package or component curl-debuginfo Operating systems & Components / Operating system package or component libcurl-devel Operating systems & Components / Operating system package or component curl Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Double Free
EUVDB-ID: #VU68748
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-42915
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.
Mitigation
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
curl-help: before 7.79.1-12
curl-debugsource: before 7.79.1-12
libcurl: before 7.79.1-12
curl-debuginfo: before 7.79.1-12
libcurl-devel: before 7.79.1-12
curl: before 7.79.1-12
CPE2.3- cpe:2.3:o:openeuler:openeuler:22.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:curl-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcurl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcurl-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2041
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Expected behavior violation
EUVDB-ID: #VU68746
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-32221
CWE-ID:
CWE-440 - Expected Behavior Violation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to force unexpected application behavior.
The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request, which used that callback. As a result, such behavior can influence application flow and force unpredictable outcome.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
curl-help: before 7.79.1-12
curl-debugsource: before 7.79.1-12
libcurl: before 7.79.1-12
curl-debuginfo: before 7.79.1-12
libcurl-devel: before 7.79.1-12
curl: before 7.79.1-12
CPE2.3- cpe:2.3:o:openeuler:openeuler:22.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:curl-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcurl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcurl-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2041
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cleartext transmission of sensitive information
EUVDB-ID: #VU68749
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-42916
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when parsing URL with IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using unencrypted HTTP protocol.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
curl-help: before 7.79.1-12
curl-debugsource: before 7.79.1-12
libcurl: before 7.79.1-12
curl-debuginfo: before 7.79.1-12
libcurl-devel: before 7.79.1-12
curl: before 7.79.1-12
CPE2.3- cpe:2.3:o:openeuler:openeuler:22.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:curl-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcurl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcurl-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:curl:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2041
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
