The vulnerability of the cURL command-line utility lies in the insufficient protection of registration data, allowing an attacker to gain unauthorized access to the protected information.

🗓️ 20 May 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Curl data protection flaw leaks cookie headers on redirects to the same host with a different port.

Reporter	Title	Published	Views	Family All 247
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	23 Sep 202222:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to data information exposure in cURL libcurl (CVE-2022-27776)	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)	17 Sep 202202:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)	17 Sep 202212:04	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities	17 Jun 202218:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty	9 Aug 202205:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps	26 Mar 202502:21	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.	15 Dec 202209:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities	6 Oct 202204:10	–	ibm

Vulners

Node

daniel_stenberg curlRange4.9–7.83.0

OR

red_hat red_hat_enterprise_linuxMatch8

OR

fedora fedoraMatch34

OR

fedora fedoraMatch35

OR

fedora fedoraMatch36

Source	Link
access	www.access.redhat.com/security/cve/cve-2022-27776
redos	www.redos.red-soft.ru/support/secure/
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2022-fc5776b142
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2022-411f088574
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2022-3517572083
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
curl	www.curl.se/docs/CVE-2022-27776.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
altsp	www.altsp.su/obnovleniya-bezopasnosti/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.5/

27 Mar 2026 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 34.3

CVSS 25

EPSS0.03425

curl vulnerability cookie headers redirects same host different port unauthorized access