Home

CVE-2022-22576

Description

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.241

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2022-22576,CVE-2022-27774,CVE-2022-27775,CVE-2022-27776 are affected in Curl For Windows 7.82.0Windows
Vulnerabilities CVE-2022-27776,CVE-2022-27775,CVE-2022-27774,CVE-2022-22576 are fixed in Curl For Windows 7.83.0Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.5Windows
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.1_amd64.debLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) curl-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) curl-debuginfo-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) curl-debugsource-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-32bit-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-debuginfo-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-debuginfo-32bit-7.60.0-11.37.1.x86_64.rpmLinux
(RHSA-2022:5313) curl security update curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
Curl update (ELSA-2022-5313) curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update(DSA-5197-1) curl_7.74.0-1.3+deb11u2_amd64.debLinux
curl security update (RLSA-2022:5313) curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
Curl update (ELSA-2022-5245) curl-7.76.1-14.el9_0.4.x86_64.rpmLinux
Curl-minimal update (ELSA-2022-5245) curl-minimal-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234