CVE-2022-32207
Description
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.204
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 are affected in Curl For Windows 7.83.1 | Windows |
| Vulnerabilities CVE-2022-32208,CVE-2022-32207,CVE-2022-32206,CVE-2022-32205 are fixed in Curl For Windows 7.84.0 | Windows |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.6) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.5) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.3) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.2) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura (Software Update) - AutoReboot (13.7.4) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.7.8 (Software Update) (Auto Reboot) (CVE-2025-43300) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.8 (Software Update) - AutoReboot (CVE-2024-27877) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.7 (Software Update) - AutoReboot (CVE-2024-27789 , CVE-2023-42861 , CVE-2024-23296) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.5 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.4 (Software Update) - AutoReboot (CVE-2024-23222) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.3 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6 (Software Update) - AutoReboot (CVE-2023-41992,CVE-2023-41991) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.2 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.6 (Software Update) - AutoReboot (CVE-2024-1580) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.6.9 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.5 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.5.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.5.2 (Software Update) - AutoReboot (CVE-2023-41064) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.4 (Software Update) - AutoReboot(CVE-2023-32409,CVE-2023-28204,CVE-2023-32373) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.4.1 (Software Update) - AutoReboot(CVE-2023-32434,CVE-2023-32439) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.3 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.3.1 (Software Update) - AutoReboot (CVE-2023-28206,CVE-2023-28205) | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.2 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.2.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13 - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Ventura 13.0.1 (Software Update) - AutoReboot | Mac |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.81.0-1ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.81.0-1ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.58.0-2ubuntu3.20_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.58.0-2ubuntu3.20_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.68.0-1ubuntu2.13_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.68.0-1ubuntu2.13_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) curl_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.81.0-1ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.81.0-1ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.58.0-2ubuntu3.20_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.58.0-2ubuntu3.20_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.68.0-1ubuntu2.13_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.68.0-1ubuntu2.13_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl4_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.81.0-1ubuntu1.6_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.81.0-1ubuntu1.6_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.58.0-2ubuntu3.21_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.58.0-2ubuntu3.21_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.68.0-1ubuntu2.14_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.68.0-1ubuntu2.14_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-nss_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.81.0-1ubuntu1.4_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.81.0-1ubuntu1.4_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.58.0-2ubuntu3.20_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.58.0-2ubuntu3.20_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.68.0-1ubuntu2.13_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.68.0-1ubuntu2.13_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.3_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-5495-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.3_amd64.deb | Linux |
| curl security update(DSA-5197-1) curl_7.74.0-1.3+deb11u2_amd64.deb | Linux |
| Curl update (ELSA-2022-6157) curl-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Curl-minimal update (ELSA-2022-6157) curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Libcurl update (ELSA-2022-6157) libcurl-7.76.1-14.el9_0.5.i686.rpm | Linux |
| Libcurl update (ELSA-2022-6157) libcurl-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2022-6157) libcurl-devel-7.76.1-14.el9_0.5.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2022-6157) libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-6157) libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm | Linux |
| Libcurl-minimal update (ELSA-2022-6157) libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611833 | Mac OS - Ventura 13.7.8 (Software Update) (Auto Reboot) (CVE-2025-43300) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
| PATCH-611601 | Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234