curl: CVE-2022-27781: CERTINFO never-ending busy-loop

🗓️ 30 Apr 2022 19:24:14Reported by sybrType

hackerone

hackerone🔗 hackerone.com👁 81 Views

Curl DoS due to endless loop in NSS CERTINF

Reporter	Title	Published	Views	Family All 151
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	23 Sep 202222:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V	4 Apr 202418:41	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities	6 Oct 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	15 Apr 202502:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	12 Apr 202414:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware	4 Apr 202418:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7	24 Oct 202411:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents	19 Sep 202222:54	–	ibm
FreeBSD	curl -- Multiple vulnerabilities	11 May 202200:00	–	freebsd

16 May 2022 09:01Current

0.1Low risk

Vulners AI Score0.1

EPSS0.00077

curl dos nss certinfo cve-2022-27781 server loop cpu webserver severity deprecation