Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-32221

Опубликовано: 05 дек. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 9.8

Описание

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent POST request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

РелизСтатусПримечание
bionic

released

7.58.0-2ubuntu3.21
devel

released

7.86.0-1
esm-infra-legacy/trusty

released

7.35.0-1ubuntu2.20+esm13
esm-infra/bionic

released

7.58.0-2ubuntu3.21
esm-infra/focal

released

7.68.0-1ubuntu2.14
esm-infra/xenial

released

7.47.0-1ubuntu2.19+esm6
focal

released

7.68.0-1ubuntu2.14
jammy

released

7.81.0-1ubuntu1.6
kinetic

released

7.85.0-1ubuntu0.1
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 81%
0.01621
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-32221

CVSS3: 4.8
redhat
около 3 лет назад

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

nvd логотип

CVE-2022-32221

CVSS3: 9.8
nvd
почти 3 года назад

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

msrc логотип

CVE-2022-32221

CVSS3: 9.8
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2022-32221

CVSS3: 9.8
debian
почти 3 года назад

When doing HTTP(S) transfers, libcurl might erroneously use the read c ...

suse-cvrf логотип

SUSE-SU-2022:3773-1

suse-cvrf
около 3 лет назад

Security update for curl

EPSS

Процентиль: 81%
0.01621
Низкий

9.8 Critical

CVSS3