Main Vulnerability Database Vulnerabilities #VU62643

#VU62643 Resource management error in cURL - CVE-2022-27775

Published: April 27, 2022

Vulnerability identifier: #VU62643

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-27775

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources when handling IPv6 protocol. Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account which could lead to libcurl reusing the wrong connection when one transfer uses a zone id and a subsequent transfer uses another (or no) zone id.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2022-27775.html