Lucene search
K

TencentOS Server 3: curl (TSSA-2022:0142)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

TencentOS Server 3 has vulnerabilities in curl affecting authentication and credential protection.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
23 Sep 202222:05
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Operator package issues
12 Dec 202416:58
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to data information exposure in cURL libcurl (CVE-2022-27776)
12 Jan 202321:59
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)
17 Sep 202202:05
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)
17 Sep 202212:04
ibm
IBM Security Bulletins
Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions
20 Feb 202503:40
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 )
25 Jul 202214:49
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in cURL libcurl (CVE-2022-22576).
12 Jan 202321:59
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities
17 Jun 202218:45
ibm
IBM Security Bulletins
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty
9 Aug 202205:46
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2022:0142.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(239946);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/22");

  script_cve_id(
    "CVE-2022-22576",
    "CVE-2022-27774",
    "CVE-2022-27776",
    "CVE-2022-27782"
  );
  script_xref(name:"CEA-ID", value:"CEA-2022-0026");

  script_name(english:"TencentOS Server 3: curl (TSSA-2022:0142)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0142 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2022-22576:
    An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow
    reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated
    with the same credentials as set for this transfer. This issue leads to an authentication bypass, either
    by mistake or by a malicious actor.

    CVE-2022-27774:
    An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are
    affected that could allow leaking credentials to other servers when it follows redirects from auth-
    protected HTTP(S) URLs to other protocols and port numbers.

    CVE-2022-27776:
    A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or
    cookie header data on HTTP redirects to the same host but another port number. Sending the same set of
    headers to a server on a different port number is a problem for applications that pass on custom
    Authorization: or Cookie:headers. Those headers often contain privacy-sensitive information or data.

    CVE-2022-27782:
    A vulnerability was found in curl. This issue occurs because curl can reuse a previously created
    connection even when a TLS or SSH-related option is changed that should have prohibited reuse. This flaw
    leads to an authentication bypass, either by mistake or by a malicious actor.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20220142.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22576");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:curl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'curl-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debuginfo-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debuginfo-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debugsource-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debugsource-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-minimal-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-minimal-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-minimal-debuginfo-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-minimal-debuginfo-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-debuginfo-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-debuginfo-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-devel-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-devel-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-debuginfo-7.61.1-22.tl3.4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-debuginfo-7.61.1-22.tl3.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / curl-debuginfo / curl-debugsource / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

22 Nov 2025 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 25.5
CVSS 3.18.1
EPSS0.03425
SSVC
3