Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)

Summary

libcurl as used by the IBM QRadar Wincollect standalone agent is vulnerable to denial of service. IBM has addressed the relevant vulnerabilities.

Vulnerability Details

CVEID:CVE-2022-43552
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a use-after-free flaw when using an HTTP proxy. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242799 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-43551
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass HSTS check.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242798 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Remediation/Fixes

IBM recommends customers upgrade their systems promptly.

There is a new upgrade for the Wincollect standalone agent. The following Wincollect standalone agent versions can be used to upgrade the affected versions to resolve the vulnerability. For information on how to upgrade your WinCollect version, see the WinCollect 10.1.2 release notes: <https://www.ibm.com/support/pages/node/6855665&gt;

Download and install the Wincollect standalone agent version 10.1.2:

WinCollect Agent MSI (64-bit) - Standalone only

WinCollect Agent MSI (32-bit) - Standalone only

Workarounds and Mitigations

None