#VU68748 Double Free in cURL - CVE-2022-42915


Vulnerability identifier: #VU68748

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42915

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cURL
Client/Desktop applications / Other client software

Vendor: curl.haxx.se

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.


Mitigation
Install updates from vendor's website.

Vulnerable software versions

cURL: 7.77.0 - 7.85.0

External links
https://curl.haxx.se/docs/CVE-2022-42915.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for curl
Multiple vulnerabilities in Dell ThinOS
Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
Splunk Enterprise update for third-party packages
Multiple vulnerabilities in Dell Data Protection Central
Splunk Universal Forwarder update for third-party packages
Multiple vulnerabilities in IBM App Connect Enterprise
Multiple vulnerabilities in Siemens SINEC NMS
Multiple vulnerabilities in IBM PowerSC
Multiple vulnerabilities in IBM Rational ClearCase