CVE-2022-27782
Description
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
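The matching flaw described above can be shown with a simplified model of a connection pool. This is an added example, not libcurl's source code: the struct `conn_setup`, its fields `crl_file` and `ssh_private_key`, the functions, and the sample host and path are all illustrative assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a pooled connection's setup; field names are
   illustrative assumptions, not libcurl's internal structures. */
struct conn_setup {
    const char *host;
    int port;
    const char *crl_file;        /* TLS: certificate revocation list */
    const char *ssh_private_key; /* SSH: client key file */
};

/* NULL-safe string equality: two unset options match each other. */
static int same_str(const char *a, const char *b) {
    if (!a || !b) return a == b;
    return strcmp(a, b) == 0;
}

/* Weak match: only the endpoint is compared, so security settings
   changed since the connection was created are ignored. */
int match_weak(const struct conn_setup *pooled, const struct conn_setup *want) {
    return same_str(pooled->host, want->host) && pooled->port == want->port;
}

/* Strict match: every security-relevant setting must also be equal. */
int match_strict(const struct conn_setup *pooled, const struct conn_setup *want) {
    return match_weak(pooled, want)
        && same_str(pooled->crl_file, want->crl_file)
        && same_str(pooled->ssh_private_key, want->ssh_private_key);
}

/* Index of the first reusable pooled connection, or -1 to force a new one. */
int find_reusable(const struct conn_setup *pool, int n,
                  const struct conn_setup *want,
                  int (*match)(const struct conn_setup *, const struct conn_setup *)) {
    for (int i = 0; i < n; i++)
        if (match(&pool[i], want)) return i;
    return -1;
}

int main(void) {
    /* Constructed sample: the first transfer ran with no CRL configured. */
    struct conn_setup pool[] = { { "example.test", 443, NULL, NULL } };
    /* The second transfer to the same host now requires a CRL check. */
    struct conn_setup want = { "example.test", 443, "/etc/ssl/revoked.pem", NULL };
    printf("weak:   %d\n", find_reusable(pool, 1, &want, match_weak));
    printf("strict: %d\n", find_reusable(pool, 1, &want, match_strict));
    return 0;
}
```

With the weak comparison the second transfer reuses the connection that was set up without the revocation check; with the strict comparison no pooled entry matches and a new connection has to be created under the current settings.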
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.439
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Curl For Windows 7.83.0 | Windows |
| Multiple vulnerabilities are fixed in Curl For Windows 7.83.1 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.60 | Windows |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.81.0-1ubuntu1.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.81.0-1ubuntu1.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.58.0-2ubuntu3.19_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.58.0-2ubuntu3.19_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.68.0-1ubuntu2.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.68.0-1ubuntu2.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) curl_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.81.0-1ubuntu1.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.81.0-1ubuntu1.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.58.0-2ubuntu3.19_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.58.0-2ubuntu3.19_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.68.0-1ubuntu2.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.68.0-1ubuntu2.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl4_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.81.0-1ubuntu1.6_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.81.0-1ubuntu1.6_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.58.0-2ubuntu3.21_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.58.0-2ubuntu3.21_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.68.0-1ubuntu2.14_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.68.0-1ubuntu2.14_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-nss_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.81.0-1ubuntu1.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.81.0-1ubuntu1.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.58.0-2ubuntu3.19_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.58.0-2ubuntu3.19_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.68.0-1ubuntu2.12_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.68.0-1ubuntu2.12_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5412-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| SUSE-SU-2022:1805-1(SUSE Linux Enterprise Server 12-SP5 ) curl-7.60.0-11.40.2.x86_64.rpm | Linux |
| SUSE-SU-2022:1805-1(SUSE Linux Enterprise Server 12-SP5 ) curl-debuginfo-7.60.0-11.40.2.x86_64.rpm | Linux |
| SUSE-SU-2022:1805-1(SUSE Linux Enterprise Server 12-SP5 ) curl-debugsource-7.60.0-11.40.2.x86_64.rpm | Linux |
| SUSE-SU-2022:1805-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-7.60.0-11.40.2.x86_64.rpm | Linux |
| SUSE-SU-2022:1805-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-32bit-7.60.0-11.40.2.x86_64.rpm | Linux |
| SUSE-SU-2022:1805-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-debuginfo-7.60.0-11.40.2.x86_64.rpm | Linux |
| SUSE-SU-2022:1805-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-debuginfo-32bit-7.60.0-11.40.2.x86_64.rpm | Linux |
| (RHSA-2022:5313) curl security update curl-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| (RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.i686.rpm | Linux |
| (RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| (RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.i686.rpm | Linux |
| (RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| (RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.i686.rpm | Linux |
| (RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| (RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.i686.rpm | Linux |
| (RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| Curl update (ELSA-2022-5313) curl-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.i686.rpm | Linux |
| Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| curl security update(DSA-5197-1) curl_7.74.0-1.3+deb11u2_amd64.deb | Linux |
| curl security update (RLSA-2022:5313) curl-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.i686.rpm | Linux |
| curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpm | Linux |
| curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpm | Linux |
| curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpm | Linux |
| Curl update (ELSA-2022-5245) curl-7.76.1-14.el9_0.4.x86_64.rpm | Linux |
| Curl-minimal update (ELSA-2022-5245) curl-minimal-7.76.1-14.el9_0.4.x86_64.rpm | Linux |
| Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.i686.rpm | Linux |
| Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.x86_64.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.i686.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234