Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:0333

Опубликовано: 23 янв. 2023
Источник: rocky
Оценка: Moderate

Описание

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: POST following PUT confusion (CVE-2022-32221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
curlx86_6419.el9_1.1curl-7.76.1-19.el9_1.1.x86_64.rpm
curl-minimalx86_6419.el9_1.1curl-minimal-7.76.1-19.el9_1.1.x86_64.rpm
libcurlx86_6419.el9_1.1libcurl-7.76.1-19.el9_1.1.x86_64.rpm
libcurl-minimalx86_6419.el9_1.1libcurl-minimal-7.76.1-19.el9_1.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-32221

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-32221

CVSS3: 9.8
ubuntu
больше 2 лет назад

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

redhat логотип

CVE-2022-32221

CVSS3: 4.8
redhat
больше 2 лет назад

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

nvd логотип

CVE-2022-32221

CVSS3: 9.8
nvd
больше 2 лет назад

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

msrc логотип

CVE-2022-32221

CVSS3: 9.8
msrc
12 месяцев назад

Описание отсутствует

debian логотип

CVE-2022-32221

CVSS3: 9.8
debian
больше 2 лет назад

When doing HTTP(S) transfers, libcurl might erroneously use the read c ...