Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-27780

Опубликовано: 02 июн. 2022
Источник: debian
EPSS Низкий

Описание

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
curlfixed7.83.1-1package
curlnot-affectedbullseyepackage
curlnot-affectedbusterpackage
curlnot-affectedstretchpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2022/05/11/3

  • https://curl.se/docs/CVE-2022-27780.html

  • Introduced by: https://github.com/curl/curl/commit/9a8564a920188e49d5bd8c1c8573ddef97f6e03a (curl-7_80_0)

  • Fixed by: https://github.com/curl/curl/commit/914aaab9153764ef8fa4178215b8ad89d3ac263a (curl-7_83_1)

EPSS

Процентиль: 26%
0.00087
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-27780

CVSS3: 7.5
ubuntu
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

redhat логотип

CVE-2022-27780

CVSS3: 7.5
redhat
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

nvd логотип

CVE-2022-27780

CVSS3: 7.5
nvd
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

msrc логотип

CVE-2022-27780

CVSS3: 7.5
msrc
около 3 лет назад

Описание отсутствует

github логотип

GHSA-82rv-h33p-2xgc

CVSS3: 7.5
github
около 3 лет назад

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

EPSS

Процентиль: 26%
0.00087
Низкий