A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.

Mitigation

Avoid using the SMB and TELNET protocols.

References

bugzilla.redhat.com/show_bug.cgi?id=2152652

curl.se/docs/CVE-2022-43552.html

nvd.nist.gov/vuln/detail/CVE-2022-43552

www.cve.org/CVERecord?id=CVE-2022-43552

ibm 20

redos 1

nessus 59

openvas 30

cbl_mariner 10

prion 1

cgr 1

kaspersky 2

ubuntucve 1

osv 7

alpinelinux 1

centos 1

debiancve 1

redhat 11

wolfi 1

veracode 1

hackerone 1

cvelist 1

mscve 1

oraclelinux 3

f5 1

cve 1

fedora 2

almalinux 2

ubuntu 2

cloudfoundry 1

mageia 1

photon 6

amazon 2

debian 2

rosalinux 1

ics 2

aix 1

gentoo 1

mskb 5

apple 1

tenable 1

avleonov 1

ibm

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in RHEL (CVE-2022-43552 )

2024-01-18 21:00:02

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in RHEL (CVE-2022-43552 )

2024-01-26 22:04:27

Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)

2023-01-25 19:11:03

redos

ROS-20230414-04

2023-04-14 00:00:00

nessus

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1522)

2023-03-19 00:00:00

CentOS 7 : curl (RHSA-2023:7743)

2023-12-22 00:00:00

CentOS 9 : curl-7.76.1-22.el9

2024-02-29 00:00:00

openvas

CentOS: Security Advisory for curl (CESA-2023:7743)

2024-03-05 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1438)

2023-03-09 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4598-1)

2022-12-22 00:00:00

cbl_mariner

CVE-2022-43552 affecting package cmake for versions less than 3.28.2-1

2024-03-19 17:21:46

CVE-2022-43552 affecting package mysql for versions less than 8.0.33-1

2023-05-03 16:24:32

CVE-2022-43552 affecting package tensorflow for versions less than 2.16.1-1

2024-04-17 22:02:46

prion

Path traversal

2023-02-09 20:15:00

cgr

CVE-2022-43552 vulnerabilities

2024-05-19 03:07:16

kaspersky

KLA48562 ACE vulnerability in Microsoft Windows

2023-02-10 00:00:00

KLA48563 ACE vulnerability in Microsoft Mariner

2023-02-10 00:00:00

ubuntucve

CVE-2022-43552

2022-12-21 00:00:00

osv

CVE-2022-43552

2023-02-09 20:15:10

curl vulnerabilities

2023-01-05 17:15:18

curl - security update

2023-01-27 00:00:00

alpinelinux

CVE-2022-43552

2023-02-09 20:15:10

centos

curl, libcurl security update

2024-01-12 19:12:33

debiancve

CVE-2022-43552

2023-02-09 20:15:10

redhat

(RHSA-2023:7743) Low: curl security update

2023-12-12 16:01:33

(RHSA-2023:2963) Low: curl security and bug fix update

2023-05-16 05:59:21

(RHSA-2023:2478) Low: curl security update

2023-05-09 05:11:57

wolfi

CVE-2022-43552 vulnerabilities

2024-06-01 21:07:39

veracode

Use-After-Free

2022-12-23 19:14:50

hackerone

curl: CVE-2022-43552: HTTP Proxy deny use-after-free

2022-11-07 16:45:50

cvelist

CVE-2022-43552

2023-02-09 00:00:00

mscve

Open Source Curl Remote Code Execution Vulnerability

2023-02-10 00:00:00

oraclelinux

curl security update

2023-12-12 00:00:00

curl security and bug fix update

2023-05-24 00:00:00

curl security update

2023-05-15 00:00:00

K000133092: cURL vulnerability CVE-2022-43552

2023-03-21 00:00:00

cve

CVE-2022-43552

2023-02-09 20:15:10

fedora

[SECURITY] Fedora 37 Update: curl-7.85.0-5.fc37

2022-12-26 01:06:29

[SECURITY] Fedora 36 Update: curl-7.82.0-12.fc36

2022-12-28 01:40:29

almalinux

Low: curl security update

2023-05-09 00:00:00

Low: curl security and bug fix update

2023-05-16 00:00:00

ubuntu

curl vulnerabilities

2023-01-05 00:00:00

curl vulnerabilities

2023-02-27 00:00:00

cloudfoundry

USN-5788-1: curl vulnerabilities | Cloud Foundry

2023-01-26 00:00:00

mageia

Updated curl packages fix security vulnerability

2022-12-31 01:39:00

photon

Important Photon OS Security Update - PHSA-2022-3.0-0508

2022-12-22 00:00:00

Important Photon OS Security Update - PHSA-2022-0304

2022-12-21 00:00:00

Important Photon OS Security Update - PHSA-2022-0551

2022-12-21 00:00:00

amazon

Medium: curl

2023-04-13 19:01:00

Medium: curl

2023-01-30 16:02:00

debian

[SECURITY] [DSA 5330-1] curl security update

2023-01-27 17:53:54

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:20:10

rosalinux

Advisory ROSA-SA-2023-2221

2023-08-22 13:21:47

ics

Siemens SINEC NMS Third-Party

2023-05-11 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

aix

Multiple vulnerabilities cURL libcurl affect AIX

2023-06-29 09:35:59

gentoo

curl: Multiple Vulnerabilities

2023-10-11 00:00:00

mskb

April 11, 2023—KB5025221 (OS Builds 19042.2846, 19044.2846, and 19045.2846)

2023-04-11 07:00:00

April 11, 2023—KB5025239 (OS Build 22621.1555)

2023-04-11 07:00:00

April 11, 2023—KB5025224 (OS Build 22000.1817)

2023-04-11 07:00:00

apple

About the security content of macOS Ventura 13.3

2023-03-27 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for RH:CVE-2022-43552