Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-32208

Опубликовано: 27 июн. 2022
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
.NET Core 3.1 on Red Hat Enterprise Linuxrh-dotnet31-curlOut of support scope
Red Hat Enterprise Linux 6curlOut of support scope
Red Hat Enterprise Linux 7curlOut of support scope
Red Hat Software Collectionshttpd24-curlWill not fix
JBoss Core Services for RHEL 8jbcs-httpd24-curlFixedRHSA-2022:884008.12.2022
JBoss Core Services on RHEL 7jbcs-httpd24-curlFixedRHSA-2022:884008.12.2022
Red Hat Enterprise Linux 8curlFixedRHSA-2022:615924.08.2022
Red Hat Enterprise Linux 9curlFixedRHSA-2022:615724.08.2022
Red Hat Enterprise Linux 9curlFixedRHSA-2022:615724.08.2022
Text-Only JBCSjbcs-httpd24-curlFixedRHSA-2022:884108.12.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-924
https://bugzilla.redhat.com/show_bug.cgi?id=2099306curl: FTP-KRB bad message verification

EPSS

Процентиль: 53%
0.00305
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-32208

CVSS3: 5.9
ubuntu
больше 3 лет назад

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

nvd логотип

CVE-2022-32208

CVSS3: 5.9
nvd
больше 3 лет назад

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

msrc логотип

CVE-2022-32208

CVSS3: 5.9
msrc
больше 3 лет назад

When curl < 7.84.0 does FTP transfers secured by krb5 it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

debian логотип

CVE-2022-32208

CVSS3: 5.9
debian
больше 3 лет назад

When curl < 7.84.0 does FTP transfers secured by krb5, it handles mess ...

suse-cvrf логотип

SUSE-SU-2022:2356-1

suse-cvrf
больше 3 лет назад

Security update for curl

EPSS

Процентиль: 53%
0.00305
Низкий

5.3 Medium

CVSS3