Lucene search

K
osvGoogleOSV:CVE-2022-27782
HistoryJun 02, 2022 - 2:15 p.m.

CVE-2022-27782

2022-06-0214:15:44
Google
osv.dev
21
libcurl
connection
vulnerability
software
tls
ssh

EPSS

0.002

Percentile

56.7%

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.