CVE-2022-27778

🗓️ 01 Jun 2022 19:03:32Reported by hackeroneType

Use of incorrectly resolved name vulnerability in 7.83.

Reporter	Title	Published	Views	Family All 257
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	23 Sep 202222:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 )	25 Jul 202214:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities	6 Oct 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7	24 Oct 202411:46	–	ibm
FreeBSD	curl -- Multiple vulnerabilities	11 May 202200:00	–	freebsd
FreeBSD	MySQL -- Multiple vulnerabilities	19 Jul 202200:00	–	freebsd
ALT Linux	Security fix for the ALT Linux 10 package curl version 7.83.1-alt1	19 May 202200:00	–	altlinux
ATTACKERKB	CVE-2022-27778	2 Jun 202214:15	–	attackerkb
AlpineLinux	CVE-2022-27778	1 Jun 202219:03	–	alpinelinux
BDU FSTEC	The vulnerability lies in the implementation of the --no-clobber and --remove-on-error options in the cURL command-line utility, which allow a malicious user to delete any files they desire.	30 May 202200:00	–	bdu_fstec

[
  {
    "product": "https://github.com/curl/curl",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "fixed in 7.83.1"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20220609-0009/
security	www.security.netapp.com/advisory/ntap-20220729-0004/
oracle	www.oracle.com/security-alerts/cpujul2022.html
hackerone	www.hackerone.com/reports/1553598

29 Jul 2022 19:09Current

9High risk

Vulners AI Score9

EPSS0.03453

CWE-706